6 matches found
BIT-JENKINS-2020-2162
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...
PT-2020-15517 · Jenkins · Stapler +2
Name of the Vulnerable Software and Affected Versions: Jenkins Audit Trail Plugin versions 3.6 and earlier Description: The issue arises from a discrepancy in how the Audit Trail Plugin and the Stapler web framework parse URL paths, allowing attackers to craft URLs that bypass request logging. Th...
CVE-2020-2161
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
PT-2020-2656 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier Jenkins LTS versions 2.204.5 and earlier Description: The issue is related to the absence of protection against cross-site request forgery CSRF in Jenkins. This allows attackers to craft URLs that bypass CSR...
PT-2020-2654 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier Jenkins LTS versions 2.204.5 and earlier Description: The issue is related to the absence of HTTP Content-Security-Policy headers for files uploaded as file parameters to a build. This results in a stored...
PT-2020-2655 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier Jenkins LTS versions 2.204.5 and earlier Description: The issue is related to improper processing of HTML content in list view column headers, resulting in a stored XSS vulnerability. This vulnerability can ...