Product

Cloudbees Jenkins 1.324



Related Vulnerabilities

| Vulnerability | Severity Score | Release Date | Summary |
|---|---|---|---|
| CVE-2013-0327 | 6.8 | March 19, 2013 | Cross-site request forgery (CSRF) vulnerability in Jenkins master in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to hijack the authentication of users via unknown vectors. |
| CVE-2013-0328 | 4.3 | March 19, 2013 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-0329 | 7.5 | March 19, 2013 | Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to bypass the CSRF protection mechanism via unknown attack vectors. |
| CVE-2013-0330 | 4.0 | March 19, 2013 | Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to build arbitrary jobs via unknown attack vectors. |
| CVE-2012-0325 | 4.3 | March 9, 2012 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. |
| CVE-2012-0324 | 4.3 | March 9, 2012 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. |
| CVE-2014-2059 | 6.5 | Feb. 28, 2014 | Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. |
| CVE-2014-2067 | 3.5 | Feb. 28, 2014 | Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." |
| CVE-2011-4344 | 2.6 | Dec. 1, 2011 | Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. |
| CVE-2013-0331 | 4.0 | March 19, 2013 | Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticated users with write access to cause a denial of service via a crafted payload. |
