Lucene search

15 matches found

OSV
added 2022/05/24 10:0 p.m. · 2 views

GHSA-Q6Q9-83XW-MP6P Improper Neutralization of Input During Web Page Generation in Jenkins

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

CVSS 5.4 · AI score 6.1 · EPSS 0.01033
Exploits: 0 · References: 4

RedHat Linux
added 2020/01/23 4:30 a.m. · 3 views

jenkins: Stored XSS vulnerability in queue item tooltip

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...

CVSS 5.4 · AI score 6 · EPSS 0.01033
Exploits: 0 · References: 4

RedHat Linux
added 2020/01/23 4:30 a.m. · 4 views

jenkins: Stored XSS vulnerability in expandable textbox form control

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents, typically Job/Configure...

CVSS 5.4 · AI score 6 · EPSS 0.01033
Exploits: 0 · References: 4

RedHat Linux
added 2020/01/14 5:32 a.m. · 2 views

jenkins: Stored XSS vulnerability in SCM tag action tooltip

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions...

CVSS 5.4 · AI score 6.1 · EPSS 0.01033
Exploits: 0 · References: 4

CNVD
added 2019/09/27 12:0 a.m. · 3 views

CloudBees Jenkins and LTS Cross-Site Scripting Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...

CVSS 5.4 · AI score 6.3 · EPSS 0.01033
Exploits: 0 · References: 1

CNVD
added 2019/09/27 12:0 a.m. · 3 views

CloudBees Jenkins URL setting cross-site scripting vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...

CVSS 4.8 · AI score 6.3 · EPSS 0.00992
Exploits: 0 · References: 1

OSV
added 2019/09/25 4:15 p.m. · 14 views

CVE-2019-10401

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents, typically Job/Configure...

CVSS 5.4 · AI score 5.4
Exploits: 0 · References: 2

Prion
added 2019/09/25 4:15 p.m. · 18 views

Cross site scripting

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

CVSS 3.5 · AI score 5 · EPSS 0.01033
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/09/25 3:5 p.m. · 19 views

CVE-2019-10402

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

AI score 5.1 · EPSS 0.01033
Exploits: 0 · References: 2

CVE
added 2019/09/25 3:5 p.m. · 132 views

CVE-2019-10401

CVE-2019-10401 corresponds to a stored XSS in Jenkins up to 2.196 and LTS 2.176.3 due to the f:expandableTextBox form control interpreting content as HTML, allowing exploitation by users who can define its contents (e.g., Job/Configure). Connected sources confirm the exact vulnerable component an...

CVSS 5.4 · AI score 4.9 · EPSS 0.01033
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/09/25 12:0 a.m. · 3 views

PT-2019-11797 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier; Jenkins LTS versions 2.176.3 and earlier. Description: The issue results from the failure to escape the SCM tag name on the tooltip for SCM tag actions, leading to a stored XSS vulnerability. This can be...

CVSS 5.4 · AI score 5.1 · EPSS 0.01033
Exploits: 0 · References: 7

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11796 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier; Jenkins LTS versions 2.176.3 and earlier. Description: The issue allows for a stored XSS vulnerability due to the f:combobox form control interpreting its item labels as HTML. This can be exploited by users w...

CVSS 5.4 · AI score 5 · EPSS 0.01033
Exploits: 0 · References: 7

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11799 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier Description: The issue allows attackers to obtain the HTTP session cookie, despite it being marked HttpOnly, by exploiting another XSS vulnerability and accessing the /whoAm...

CVSS 5.4 · AI score 4.7 · EPSS 0.65753
Exploits: 0 · References: 7

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11798 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier; Jenkins LTS versions 2.176.3 and earlier. Description: The issue results from the failure to escape the reason why a queue item is blocked in tooltips, leading to a stored XSS vulnerability. This can be...

CVSS 5.4 · AI score 5.1 · EPSS 0.01033
Exploits: 0 · References: 8

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11795 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier Description: The issue concerns a stored XSS vulnerability. It occurs because the f:expandableTextBox form control interprets its content as HTML when expanded. This can be...

CVSS 5.4 · AI score 5 · EPSS 0.01033
Exploits: 0 · References: 7