Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-16566

Publication date: 17/12/2019
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16565

Publication date: 17/12/2019
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16564

Publication date: 17/12/2019
Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affect view content such as job display name or pipeline stage names.
Severity CVSS v4.0: Pending analysis
Last modification: 02/11/2023

CVE-2019-16562

Publication date: 17/12/2019
Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.
Severity CVSS v4.0: Pending analysis
Last modification: 02/11/2023

CVE-2019-16563

Publication date: 17/12/2019
Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties.
Severity CVSS v4.0: Pending analysis
Last modification: 02/11/2023

CVE-2019-16560

Publication date: 17/12/2019
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16559

Publication date: 17/12/2019
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16561

Publication date: 17/12/2019
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16558

Publication date: 17/12/2019
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16557

Publication date: 17/12/2019
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16553

Publication date: 17/12/2019
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023

CVE-2019-16554

Publication date: 17/12/2019
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.
Severity CVSS v4.0: Pending analysis
Last modification: 25/10/2023