Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
References…
[org.jenkins-ci.main:jenkins-core] Exposure of Sensitive Information in Jenkins Core
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-…
[org.jenkins-ci.main:jenkins-core] Exposure of Sensitive Information in Jenkins Core
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
References
https://nvd.nist.gov/vuln/d…
[org.jenkins-ci.main:jenkins-core] Exposure of Sensitive Information in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
References
https://nvd.nist…
[org.jenkins-ci.main:jenkins-core] Missing permissions check in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (s…
[org.jenkins-ci.main:jenkins-core] Incorrect Authorization in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the “full name.”
References
https://nvd.nist.gov/vuln/detail/CVE-2016-3722
https://access.redha…
[org.apache.drill:drill-common] Apache Drill vulnerable to Cross-site Scripting
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will take effect on the Profile page afterwards. Example: after submitting special script that returns cookie information from Q…
[commons-fileupload:commons-fileupload] Arbitrary file write in Apache Commons Fileupload
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in …
[edu.internet2.middleware:shibboleth-identityprovider] Improper Certificate Validation in vt-ldap
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serve…
[org.apache.geode:geode-core] Apache Geode gfsh authorization vulnerability
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:M…