Package details: pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107.2
Next non-vulnerable version 2.107.3
Latest non-vulnerable version 2.555
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-8x6t-vhae-kkd8
Aliases:
CVE-2018-1000192
GHSA-2w4x-rxp7-grg7
Information Exposure: An information exposure vulnerability exists in Jenkins that allows users with Overall/Read access to enumerate all installed plugins.
2.107.3
Affected by 0 other vulnerabilities.
2.121
Affected by 0 other vulnerabilities.
VCID-df66-65bh-3fhy
Aliases:
CVE-2018-1000195
GHSA-rgmj-mccj-h9mx
Cross-Site Request Forgery (CSRF): A server-side request forgery vulnerability exists in Jenkins that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful or not.
2.107.3
Affected by 0 other vulnerabilities.
2.121
Affected by 0 other vulnerabilities.
VCID-h88g-ywc5-1ycw
Aliases:
CVE-2018-1000193
GHSA-7592-93rm-6gpx
Injection Vulnerability: An improper neutralization of control sequences vulnerability exists in Jenkins in `HudsonPrivateSecurityRealm.java` that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.
2.107.3
Affected by 0 other vulnerabilities.
2.121
Affected by 0 other vulnerabilities.
VCID-pdf9-n6qs-ybcc
Aliases:
CVE-2018-1000194
GHSA-x646-m7x2-gcp7
Path Traversal: A path traversal vulnerability exists in Jenkins in `FilePath.java`, `SoloFilePathFilter.java` that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
2.107.3
Affected by 0 other vulnerabilities.
2.121
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-5a6u-x9s5-tfg8
Cross-site Scripting: A cross-site scripting vulnerability exists in Jenkins in `confirmationList.jelly` and `stopButton.jelly` that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.
Aliases:
CVE-2018-1000170
GHSA-9jcv-v4jp-w3cq
VCID-u9ph-5sbd-mfgp
Information Exposure: Jenkins allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
Aliases:
CVE-2018-1000169
GHSA-cpw3-x7gf-p872

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:14.217203+00:00 GHSA Importer Fixing VCID-5a6u-x9s5-tfg8 https://github.com/advisories/GHSA-9jcv-v4jp-w3cq 38.1.0
2026-04-04T14:30:07.342592+00:00 GHSA Importer Fixing VCID-u9ph-5sbd-mfgp https://github.com/advisories/GHSA-cpw3-x7gf-p872 38.1.0
2026-04-01T16:00:48.056848+00:00 GHSA Importer Affected by VCID-h88g-ywc5-1ycw https://github.com/advisories/GHSA-7592-93rm-6gpx 38.0.0
2026-04-01T16:00:47.920856+00:00 GHSA Importer Affected by VCID-8x6t-vhae-kkd8 https://github.com/advisories/GHSA-2w4x-rxp7-grg7 38.0.0
2026-04-01T16:00:47.770846+00:00 GHSA Importer Affected by VCID-df66-65bh-3fhy https://github.com/advisories/GHSA-rgmj-mccj-h9mx 38.0.0
2026-04-01T16:00:47.617353+00:00 GHSA Importer Affected by VCID-pdf9-n6qs-ybcc https://github.com/advisories/GHSA-x646-m7x2-gcp7 38.0.0
2026-04-01T13:08:33.819337+00:00 GithubOSV Importer Fixing VCID-5a6u-x9s5-tfg8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9jcv-v4jp-w3cq/GHSA-9jcv-v4jp-w3cq.json 38.0.0
2026-04-01T13:08:21.261889+00:00 GithubOSV Importer Fixing VCID-u9ph-5sbd-mfgp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpw3-x7gf-p872/GHSA-cpw3-x7gf-p872.json 38.0.0
2026-04-01T12:47:43.749861+00:00 GitLab Importer Affected by VCID-h88g-ywc5-1ycw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2018-1000193.yml 38.0.0
2026-04-01T12:47:43.712653+00:00 GitLab Importer Affected by VCID-pdf9-n6qs-ybcc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2018-1000194.yml 38.0.0
2026-04-01T12:47:43.587720+00:00 GitLab Importer Affected by VCID-df66-65bh-3fhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2018-1000195.yml 38.0.0
2026-04-01T12:47:43.549252+00:00 GitLab Importer Affected by VCID-8x6t-vhae-kkd8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2018-1000192.yml 38.0.0
2026-04-01T12:47:39.292601+00:00 GitLab Importer Fixing VCID-5a6u-x9s5-tfg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2018-1000170.yml 38.0.0
2026-04-01T12:47:39.273391+00:00 GitLab Importer Fixing VCID-u9ph-5sbd-mfgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2018-1000169.yml 38.0.0