Kohsuke Kawaguchi

10 exploits Active since Feb 2013
CVE-2017-2649 NOMISEC HIGH WRITEUP
Jenkins Active Directory Plugin <= 2.2 - Improper Certificate Validation
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
CVSS 8.1
CVE-2017-12197 NOMISEC MEDIUM WORKING POC
libpam4j <= 1.8 - Authentication Bypass via Disabled Account Validation
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
CVSS 6.5
CVE-2022-25174 NOMISEC HIGH WORKING POC
Jenkins Pipeline < 552.vd9cc05b8a2e1 - Authenticated OS Command Injection via SCM Checkout Directory
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
CVSS 8.8
CVE-2017-12197 NOMISEC MEDIUM WORKING POC
libpam4j <= 1.8 - Authentication Bypass via Disabled Account Validation
It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information.
CVSS 6.5
CVE-2017-2649 NOMISEC HIGH WRITEUP
Jenkins Active Directory Plugin <= 2.2 - Improper Certificate Validation
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
CVSS 8.1
CVE-2013-0158 WRITEUP WRITEUP
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0158 WRITEUP WRITEUP
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0158 WRITEUP WRITEUP
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0158 WRITEUP WRITEUP
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.
CVE-2013-0158 WRITEUP WRITEUP
Jenkins < 1.498 - Unauthenticated Cryptographic Key Exposure
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain the master cryptographic key via unknown vectors.