CVE-2017-1000401

CVSS v3 Score: 2.2 (Low)
CVSS v2 Score: 1.2 (Low)

Vulnerability Description

In Jenkins 2.73.1 and earlier and 2.83 and earlier, the default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to an HTTP access log in non-default configurations of Jenkins and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged.

CVSS: 2.2 (Low)

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would stil...

CWE-20, 2016

CVSS: 2.2 (Low)

When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. Howe...

CWE-20, 2024

CVSS: 2.3 (Low)

cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).

CWE-20, 2018

CVSS: 2.3 (Low)

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges ca...

CWE-20, 2021

CVSS: 2.3 (Low)

Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a privileged user to potentially enable denial of service via local access.

CWE-20, 2024

CVSS: 2.1 (Low)

Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely a...

CWE-20, 2020