Showing 1 - 25 of 56

Files

Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting
Posted Dec 18, 2020
Authored by gx1

Jenkins versions 2.251 and below and LTS 2.235.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2231
MD5 | e9f7e55c5a8547b35192c77527c8a41d

Related Files

Jenkins 2.235.3 Cross Site Scripting
Posted Dec 11, 2020
Authored by gx1

Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-2229, CVE-2020-2230
MD5 | 85158ef5e1a886db017a968f1200bb77

Red Hat Security Advisory 2020-4223-01
Posted Oct 22, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-17638, CVE-2020-2229, CVE-2020-2230, CVE-2020-2231
MD5 | d0c5b1c008c134269b1f1ca9e4034d08

Jenkins 2.63 Sandbox Bypass
Posted Oct 19, 2020
Authored by dmw0ng

Jenkins version 2.63 suffers from a sandbox bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2019-1003030
MD5 | e07905721f87c46d4e272fc3d6fd7cba

Red Hat Security Advisory 2020-3841-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3841-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-17638, CVE-2020-2229, CVE-2020-2230, CVE-2020-2231
MD5 | d751adac6b30eb639b46cc4de551f362

Red Hat Security Advisory 2020-3808-01
Posted Sep 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-8557
MD5 | 864319a51931230bbf6a0e8f8d5bda84

Jenkins 2.56 CLI Deserialization / Code Execution
Posted Sep 22, 2020
Authored by Shelby Pace, SSD | Site metasploit.com

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.

tags | exploit, java, code execution
advisories | CVE-2017-1000353
MD5 | aa3a16d8907d8d916ffb35f7f9dc700d

Red Hat Security Advisory 2020-3541-01
Posted Aug 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as the command line utility. Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2019-16541, CVE-2020-13757, CVE-2020-1741, CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
MD5 | 0ecdeb89cf242d6818269471c5c3a3fd

Red Hat Security Advisory 2020-3519-01
Posted Aug 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3519-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223, CVE-2020-8557
MD5 | 0c491018a6c6dbac46cdb17a3eb52fc3

Red Hat Security Advisory 2020-3453-01
Posted Aug 18, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3453-01 - The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as the command line utility. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, xss, python
systems | linux, redhat
advisories | CVE-2020-13757, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
MD5 | 6e1a3a007bbbe22b5ec43c60074e143d

Red Hat Security Advisory 2020-0964-01
Posted Mar 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0964-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include code execution and deserialization vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-2167
MD5 | a4f99540da5000e341ab143ba84c7e15

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting
Posted Jan 16, 2020
Authored by Ai Ho

Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-2096
MD5 | d7c42a672200860ffa5b54b38f3a89f8

Jenkins Build-Metrics 1.3 Cross Site Scripting
Posted Nov 8, 2019
Authored by vesche

Jenkins Build-Metrics plugin version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-10475
MD5 | 2c5ebf0addb47107e060f7e5c07dad3e

Red Hat Security Advisory 2019-3144-01
Posted Oct 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3144-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by CRON. This advisory contains the updated jenkins RPM package for Red Hat OpenShift Container Platform 3.11. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10383, CVE-2019-10384
MD5 | e424854ddb8e787d604692da425f3f54

Red Hat Security Advisory 2019-2789-01
Posted Sep 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2789-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10383, CVE-2019-10384
MD5 | 7f810658c188d52fd88316810e90b508

Red Hat Security Advisory 2019-2662-01
Posted Sep 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2662-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-10355, CVE-2019-10356, CVE-2019-10357
MD5 | 1f788cf8636cd071bab272c40d310c2c

Jenkins Groovy Scripts For Red Teamers And Penetration Testers
Posted Sep 10, 2019
Authored by Marco Ortisi, Ahmad Mahfouz

Whitepaper called Jenkins Groovy Scripts for Red Teamers and Penetration Testers.

tags | paper
MD5 | 37a4c513241b8f6c389c5c1cf75a2452

Red Hat Security Advisory 2019-2651-01
Posted Sep 4, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2651-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-10355, CVE-2019-10356, CVE-2019-10357
MD5 | 129eb76be97ff2899af9fb49402658a7

Red Hat Security Advisory 2019-2548-01
Posted Aug 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2548-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10352, CVE-2019-10353, CVE-2019-10354
MD5 | 47eb3aaac38a7d73bd3ec5376fbf7e09

Red Hat Security Advisory 2019-2503-01
Posted Aug 15, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2503-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, csrf
systems | linux, redhat
advisories | CVE-2019-10352, CVE-2019-10353, CVE-2019-10354
MD5 | 1dae2b9f7474004e5445e2f4a1621e79

Jenkins Dependency Graph View 0.13 Cross Site Scripting
Posted Jul 12, 2019
Authored by Ishaq Mohammed

Jenkins Dependency Graph View plugin version 0.13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-10349
MD5 | c1ce6b865eb9188b93661b01f4e2d546

Red Hat Security Advisory 2019-1636-01
Posted Jul 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1636-01 - This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. Various issues have been addressed including a file read vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-10320, CVE-2019-10328, CVE-2019-10337
MD5 | 6c5f41509fb2839aefefa133d64edcbd

Red Hat Security Advisory 2019-1423-01
Posted Jun 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1423-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2019-1003040, CVE-2019-1003041, CVE-2019-1003042
MD5 | 10c0ea3941871c2e208a9a63dc2476dd

Red Hat Security Advisory 2019-0739-01
Posted Apr 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0739-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security fix: jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-script-security: Sandbox bypass in script security plug-in; jenkins-plugin-workflow-cps: Sandbox bypass in pipeline: Groovy plug-in; jenkins-matrix-project-plugin: Sandbox bypass in matrix project plug-in; jenkins-job-dsl-plugin: Script security sandbox bypass in job DSL plug-in. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-1003005, CVE-2019-1003024, CVE-2019-1003029, CVE-2019-1003030, CVE-2019-1003031, CVE-2019-1003034
MD5 | 5f9d362061acb90bc7350ea99b36f54d

Jenkins ACL Bypass / Metaprogramming Remote Code Execution
Posted Mar 19, 2019
Authored by Orange Tsai, wvu | Site metasploit.com

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.

tags | exploit
advisories | CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002
MD5 | ebc7d597076f043f7e2c68f773bfe3fb

Jenkins Script Security 1.49 / Declarative 1.3.4 / Groovy 2.60 Remote Code Execution
Posted Feb 25, 2019
Authored by wetw0rk, wetw0rk & 0xtavian, 0xtavian

Jenkins plugins Script Security version 1.49, Declarative version 1.3.4, and Groovy version 2.60 suffer from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-1999002, CVE-2019-1003000
MD5 | 49e2c0ebfb37dab4fc1286af6ab09269
© 2020 Packet Storm. All rights reserved.