Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  >> Jenkins  >> 1.105  Security Vulnerabilities
CVE-2014-3666
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
CVSS Score
7.5
EPSS Score
0.01
Published
2014-10-16
CVE-2014-3667
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.
CVSS Score
4.0
EPSS Score
0.0
Published
2014-10-16
CVE-2014-3680
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM.
CVSS Score
4.0
EPSS Score
0.0
Published
2014-10-16
CVE-2014-3661
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.
CVSS Score
5.0
EPSS Score
0.001
Published
2014-10-16
CVE-2014-3662
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts.
CVSS Score
5.0
EPSS Score
0.001
Published
2014-10-16
CVE-2014-3664
Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.
CVSS Score
4.0
EPSS Score
0.002
Published
2014-10-15
CVE-2014-3681
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-10-15
CVE-2013-2033
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
2.1
EPSS Score
0.002
Published
2014-04-10
CVE-2014-2059
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.
CVSS Score
6.5
EPSS Score
0.028
Published
2014-03-01
CVE-2014-2067
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
CVSS Score
3.5
EPSS Score
0.001
Published
2014-03-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved