| purl | pkg:rpm/redhat/jenkins-plugin-openshift@0.6.40.1-0?arch=el6op |
|---|---|
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 5.4 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1r79-ts6t-hufh; Aliases: CVE-2014-3674 | Enterprise: gears fail to properly isolate network traffic | There are no reported fixed by versions. |
| VCID-1zas-w8w2-4ydr; Aliases: CVE-2014-3681, GHSA-cwh9-f8m6-6r63 | Jenkins Cross-site Scripting vulnerability. Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | There are no reported fixed by versions. |
| VCID-28y2-gqhb-k7ak; Aliases: CVE-2014-3678, GHSA-ghjw-fc9q-jj8c | Cross-site scripting (XSS) vulnerability in the Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | There are no reported fixed by versions. |
| VCID-2vbv-gzfv-83ae; Aliases: CVE-2014-3663, GHSA-64mc-2m9p-23c8 | Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs. Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | There are no reported fixed by versions. |
| VCID-4hfu-spf7-a3hw; Aliases: CVE-2014-2064, GHSA-9vg9-x38g-9hfx | The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | There are no reported fixed by versions. |
| VCID-52sp-kv9t-gye3; Aliases: CVE-2014-2062, GHSA-vxc6-wvh8-fpxw | Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | There are no reported fixed by versions. |
| VCID-5ey2-dm5w-y7a6; Aliases: CVE-2014-3602 | OpenShift: /proc/net/tcp information disclosure | There are no reported fixed by versions. |
| VCID-6avm-s2zj-5qex; Aliases: CVE-2014-2066, GHSA-8jfx-h6q2-v4g3 | Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | There are no reported fixed by versions. |
| VCID-6qdw-fvzm-4kdx; Aliases: CVE-2014-3662, GHSA-fxqr-px2m-fvc2 | Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to enumerate user names via vectors related to login attempts. | There are no reported fixed by versions. |
| VCID-7p5d-b885-sycx; Aliases: CVE-2014-3667, GHSA-5xm3-48v5-6h7v | Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code. Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code. | There are no reported fixed by versions. |
| VCID-bkyy-edpd-m3cy; Aliases: CVE-2014-2063, GHSA-w3f5-gq7j-m797 | Jenkins Vulnerable to Clickjacking. Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | There are no reported fixed by versions. |
| VCID-bn9w-mr5k-ufen; Aliases: CVE-2014-2067, GHSA-vj6q-v2h7-6q5m | Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note." | There are no reported fixed by versions. |
| VCID-c43n-xyfr-aqbe; Aliases: CVE-2014-3664, GHSA-3gp5-92h5-h855 | Jenkins Path Traversal vulnerability. Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | There are no reported fixed by versions. |
| VCID-ds2c-vfv9-1yhf; Aliases: CVE-2014-2065, GHSA-fxj8-cqcp-3vgq | Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | There are no reported fixed by versions. |
| VCID-fnh5-jm4p-6yc8; Aliases: CVE-2014-3665, GHSA-66cr-6whx-732p | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). CVE-2014-3665 jenkins: remote code execution from slaves (SECURITY-144) | There are no reported fixed by versions. |
| VCID-hvd6-bj7t-q7fj; Aliases: CVE-2014-2059, GHSA-v759-3fh9-84mx | Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name. | There are no reported fixed by versions. |
| VCID-napq-s84t-dfct; Aliases: CVE-2013-7330, GHSA-h5jv-hg68-mjhg | Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | There are no reported fixed by versions. |
| VCID-nwz6-6gd9-gyac; Aliases: CVE-2013-6372, GHSA-c4fr-gx5w-8qf2 | The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. | There are no reported fixed by versions. |
| VCID-r79s-gp2g-13b7; Aliases: CVE-2014-3661, GHSA-r5m2-g5gc-q43r | Jenkins Denial of Service vulnerability. CVE-2014-3661 jenkins: denial of service (SECURITY-87) | There are no reported fixed by versions. |
| VCID-u21t-wbdr-auez; Aliases: CVE-2014-2061, GHSA-rxfv-gm5x-9wqj | The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value. | There are no reported fixed by versions. |
| VCID-u321-xdwe-gfdp; Aliases: CVE-2014-2060, GHSA-9c26-cf8c-mw43 | Jenkins allows Remote Attackers to Hijack Sessions. The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors. | There are no reported fixed by versions. |
| VCID-vznw-vuay-7bcg; Aliases: CVE-2014-3666, GHSA-fvfh-8mj3-23xj | Jenkins allows for Code Execution via Crafted Packet to the CLI. Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | There are no reported fixed by versions. |
| VCID-w6we-64uv-d3h7; Aliases: CVE-2014-2068, GHSA-pv88-j6rg-r56p | The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | There are no reported fixed by versions. |
| VCID-y95w-2r5s-gufd; Aliases: CVE-2013-5573, GHSA-52g6-pfrq-rxfv | Jenkins allows Cross-Site Scripting (XSS) in User Configuration. Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |