This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cloudbees First view 2013-02-24
Product Jenkins Last view 2014-05-14
Version 1.466.2.1 Type Application
Update -  
Edition enterprise  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:cloudbees:jenkins

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2014-05-14 CVE-2013-2034

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

2.1 2014-04-10 CVE-2013-2033

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

2.6 2013-02-24 CVE-2013-0158

Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.

3.5 2013-02-24 CVE-2012-6074

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via unspecified vectors.

5.8 2013-02-24 CVE-2012-6073

Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3 2013-02-24 CVE-2012-6072

CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
40% (2) CWE-20 Improper Input Validation
20% (1) CWE-352 Cross-Site Request Forgery (CSRF)

Snort® IPS/IDS

Date Description
2014-03-13 Win.Trojan.Sdconsent outbound connection
RuleID : 29644 - Type : MALWARE-CNC - Revision : 5

Nessus® Vulnerability Scanner

id Description
2013-06-14 Name: The remote web server hosts a job scheduling / management system that is affe...
File: jenkins_1_514.nasl - Type: ACT_GATHER_INFO
2013-05-04 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_622e14b1b40c11e2844100e0814cab4e.nasl - Type: ACT_GATHER_INFO
2013-03-06 Name: The remote web server hosts a job scheduling / management system that is affe...
File: jenkins_1_498.nasl - Type: ACT_GATHER_INFO