CVEDB API

Vulnerabilities

Vulnerable Software

Jenkins: >> Jenkins >> 2.138.4 Security Vulnerabilities

CVE-2019-1003050

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.

CVSS Score

5.4

EPSS Score

0.011

Published

2019-04-10

CVE-2019-1003003

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g. to persist access to temporarily compromised user accounts.

CVSS Score

7.2

EPSS Score

0.022

Published

2019-01-22

CVE-2019-1003004

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indefinitely even though the user account may have been deleted in the mean time.

CVSS Score

7.2

EPSS Score

0.021

Published

2019-01-22

Page 11

Vulnerabilities

Vulnerable Software

Jenkins: >> Jenkins >> 2.138.4 Security Vulnerabilities

Products

Pricing

Contact Us