what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 83 RSS Feed

Files

Jenkins 2.56 CLI Deserialization / Code Execution
Posted Sep 22, 2020
Authored by Shelby Pace, SSD | Site metasploit.com

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.

tags | exploit, java, code execution
advisories | CVE-2017-1000353
SHA-256 | 3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373da

Related Files

Red Hat Security Advisory 2024-3636-03
Posted Jun 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3636-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 0e8d58b536656dc4d77e0524da5f5d037ce00f8875c08de1e37b2298eb097f56
Red Hat Security Advisory 2024-3635-03
Posted Jun 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3635-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 29e937251cb0f86785d28ea34924323c0afeed6d808c503826dcdbd6854e0663
Red Hat Security Advisory 2024-3634-03
Posted Jun 6, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-3634-03 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2023-48795
SHA-256 | 471e894523b102b73eb86c40b950766e9ab27385d99f7b4285b2a5264571c5aa
Jenkins 2.441 Local File Inclusion
Posted Apr 15, 2024
Authored by Matisse Beckandt

Jenkins version 2.441 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2024-23897
SHA-256 | bd541e95b84e90dc4cbb0bfe35af5cd5870fc359b6d836f3a3eb70857003a87a
Red Hat Security Advisory 2024-0778-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2020-7692
SHA-256 | ab4f43b9e71e063c24e6665055c78987e13d3b3ffaeb136bf2ca4c7222838cb2
Red Hat Security Advisory 2024-0777-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0777-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, information leakage, and open redirection vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2022-25857
SHA-256 | 3eed8a402985e9201b2959d777e66d6b3d4c828342daf0e2047df99c9352d53f
Red Hat Security Advisory 2024-0776-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2021-26291
SHA-256 | 066ec355713bdfb5d17ff8adb414021618bb7df8ac5b4fbee6ddd1731eff0030
Red Hat Security Advisory 2024-0775-03
Posted Feb 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-1471
SHA-256 | bce52c7c00b891789e1532b690676483061f98b6a4dfcfe94e9ecadad6b53155
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
Posted Jan 29, 2024
Authored by binganao | Site github.com

Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python.

tags | exploit, remote, arbitrary, proof of concept, python
advisories | CVE-2024-23897
SHA-256 | 4fdefdc8a91925284359a1beec765f58e6f6a5a76aa3e27c5a5a2fb4ba6cd562
Jenkins 2.441 / LTS 2.426.3 CVE-2024-23897 Scanner
Posted Jan 29, 2024
Authored by yoryio | Site github.com

Jenkins versions 2.441 and LTS 2.426.3 arbitrary file read scanner.

tags | exploit, arbitrary
advisories | CVE-2024-23897
SHA-256 | 0a161df23c6bac97a5923092b79fd307c231d11a8c0ec701df49569cfd362dfc
Red Hat Security Advisory 2023-7288-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7288-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-25857
SHA-256 | 2d749ef1a874df2c3d2ea1bc5b6df6559bdc02bce42e690e1738e4800b48e48d
Ubuntu Security Notice USN-6462-2
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6462-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-31083, CVE-2023-3772, CVE-2023-4132
SHA-256 | 4c16f3fdcebfc5b44dc509e5a5feb0ff4952b6fea4797784253d2182ab528765
Ubuntu Security Notice USN-6462-1
Posted Nov 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6462-1 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-31083, CVE-2023-3772, CVE-2023-4132
SHA-256 | e35c00e54afdaf6fa41cf3726741036ae7a9fc376ca95ccc4451805eb74ea686
Red Hat Security Advisory 2023-6179-01
Posted Oct 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6179-01 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-25857
SHA-256 | 9bf774d4257b09a125341c848c5e9fcd820adea05d5a78b14f7420f1f63bcb7f
Red Hat Security Advisory 2023-6172-01
Posted Oct 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6172-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass, code execution, cross site scripting, denial of service, improper authorization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2020-7692
SHA-256 | 959995e5c8c8ffcb460eb26260215c7b7072fa04e4365429ecd702d04e034b5c
Red Hat Security Advisory 2023-6171-01
Posted Oct 31, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-6171-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.11. Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-1471
SHA-256 | 806b2fb0ca9c10f179c91b2e1d08b2766bbd6f208b5772e4e24f6d9e09918d44
Ubuntu Security Notice USN-6440-2
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6440-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 53dde989c721b58c0ab2a8afed3fd49eb8bd3b0589646a03c93ff63b342aa7dd
Ubuntu Security Notice USN-6440-1
Posted Oct 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6440-1 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.

tags | advisory, remote, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2023-0597, CVE-2023-1206, CVE-2023-31083, CVE-2023-34319, CVE-2023-3772, CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4622, CVE-2023-4623, CVE-2023-4881, CVE-2023-4921
SHA-256 | 598cc5d139a12c8f709abd7b1310edc18543d27b190ad6ec74fe1916b728621c
Red Hat Security Advisory 2023-3664-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3782, CVE-2021-46848, CVE-2022-1304, CVE-2022-1705, CVE-2022-2795, CVE-2022-28327, CVE-2022-2880, CVE-2022-32148, CVE-2022-35737, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41715, CVE-2022-41717
SHA-256 | dd336c3e2dc2db105e105127e1f2bbf79335a56f544ed3b31f07727c470cb571
Red Hat Security Advisory 2023-3663-01
Posted Jun 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3663-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, information leakage, insecure permissions, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-2048, CVE-2022-22976, CVE-2022-40149, CVE-2022-40150, CVE-2022-41966, CVE-2022-42003, CVE-2022-42004, CVE-2023-1370, CVE-2023-1436, CVE-2023-20860, CVE-2023-26464, CVE-2023-27898, CVE-2023-27899, CVE-2023-27903
SHA-256 | a1e8f32defa19f2f1392ba490d9129bc4b5de076aa6ffae28d55d9c26539ddf8
Red Hat Security Advisory 2023-3622-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3622-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, denial of service, information leakage, insecure permissions, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, csrf
systems | linux, redhat
advisories | CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2023-1370, CVE-2023-1436, CVE-2023-20860, CVE-2023-20861, CVE-2023-27903, CVE-2023-27904
SHA-256 | b7935bb45130f797b9dd93023e22673b037f602a5fd4b10a7467504fa480ed2a
Red Hat Security Advisory 2023-3610-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3610-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2021-46877, CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2022-40149, CVE-2022-40150, CVE-2022-41723, CVE-2022-45693, CVE-2023-1370, CVE-2023-20860, CVE-2023-20861, CVE-2023-24422, CVE-2023-32977, CVE-2023-32981
SHA-256 | 7b9b64c4675eb47823910162607f47f837dc4f1a040d0a13d9a6614093eb3803
Red Hat Security Advisory 2023-3299-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3299-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, deserialization, improper authorization, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-7692, CVE-2021-4178, CVE-2021-46877, CVE-2022-22978, CVE-2022-40151, CVE-2022-40152, CVE-2022-42889, CVE-2023-24422, CVE-2023-24998, CVE-2023-25761, CVE-2023-25762, CVE-2023-27900, CVE-2023-27901, CVE-2023-27902
SHA-256 | 070dedb972682a284f682880ba83ebf6de70378d3be68806dd984d5184f93267
Red Hat Security Advisory 2023-3195-01
Posted May 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3195-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, information leakage, and insecure permissions vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2022-42889, CVE-2023-24422, CVE-2023-25761, CVE-2023-25762, CVE-2023-27903, CVE-2023-27904
SHA-256 | 1c0f371bbf2460cdbd44e6232d75191d859f20b812ef0b81b78a5414981c6bc1
Red Hat Security Advisory 2023-3198-01
Posted May 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3198-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, information leakage, and insecure permissions vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, csrf
systems | linux, redhat
advisories | CVE-2021-26291, CVE-2022-1471, CVE-2022-25857, CVE-2022-29599, CVE-2022-30953, CVE-2022-30954, CVE-2022-42889, CVE-2022-43401, CVE-2022-43402, CVE-2022-43403, CVE-2022-43404, CVE-2022-43405, CVE-2022-43406, CVE-2022-43407
SHA-256 | 90baa6d6f8737bc29288b3b786655a657c5e97ed240d5aeb004a1660ffaa76c6
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close