
14 matches found

Github Security Blog
added 2022/05/24 5:39 p.m. · 31 views

Path traversal vulnerability in Jenkins agent names

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart. Jenkins...

8 CVSS · 2.2 AI score · 0.00628 EPSS
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2022/05/24 5:39 p.m. · 32 views

XSS vulnerability in Jenkins notification bar

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents typically shown after form submissions via Apply button. This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents. Jenkins...

5.4 CVSS · 3.8 AI score · 0.00319 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/24 5:39 p.m. · 0 views

GHSA-98GQ-6HXG-52R6 XSS vulnerability in Jenkins notification bar

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents typically shown after form submissions via Apply button. This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents. Jenkins...

5.4 CVSS · 6 AI score · 0.00319 EPSS
Exploits 0 · References 4

RedHat Linux
added 2021/03/03 4:19 a.m. · 3 views

jenkins: Excessive memory allocation in graph URLs leads to denial of service

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

6.5 CVSS · 5.8 AI score · 0.00275 EPSS
Exploits 0 · References 4

CNVD
added 2021/01/18 12:00 a.m. · 1 views

Cloudbees Jenkins and LTS Cross-Site Scripting Vulnerability (CNVD-2021-04646)

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. A cross-site scripting...

6.1 CVSS · 6.1 AI score · 0.00327 EPSS
Exploits 0 · References 1

CNVD
added 2021/01/14 12:00 a.m. · 1 views

Cloudbees Jenkins and LTS Authorization Issues Vulnerability (CNVD-2021-04651)

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. An authorization issue...

5.3 CVSS · 7.1 AI score · 0.00149 EPSS
Exploits 0 · References 1

CNVD
added 2021/01/14 12:00 a.m. · 3 views

Cloudbees Jenkins and LTS Injection Vulnerabilities

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. An injection vulnerability...

8 CVSS · 7.3 AI score · 0.00761 EPSS
Exploits 0 · References 1

CVE
added 2021/01/13 3:55 p.m. · 190 views

CVE-2021-21605

CVE-2021-21605 is a path traversal vulnerability in Jenkins where users with Agent/Configure permission can select agent names that cause Jenkins to override unrelated global config.xml files. Public details show affected versions include Jenkins 2.274 and earlier, LTS 2.263.1 and earlier; fixed ...

8 CVSS · 7.4 AI score · 0.00628 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2021/01/13 12:00 a.m. · 3 views

PT-2021-14646 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue results from the failure to escape notification bar response contents, leading to a cross-site scripting (XSS) vulnerability. This vulnerability...

5.4 CVSS · 5 AI score · 0.00319 EPSS
Exploits 0 · References 11

Positive Technologies
added 2021/01/13 12:00 a.m. · 2 views

PT-2021-14651 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting (XSS) vulnerability. This vulnerability can...

5.4 CVSS · 5.1 AI score · 0.00319 EPSS
Exploits 0 · References 11

CNNVD
added 2021/01/13 12:00 a.m. · 2 views

Cloudbees Jenkins Input Validation Error Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. LTS is a long-term support for...

4.3 CVSS · 5.8 AI score · 0.00235 EPSS
Exploits 0 · References 8

CNNVD
added 2021/01/13 12:00 a.m. · 3 views

Cloudbees Jenkins Authorization Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. An authorization issue vulnerabilit...

6.5 CVSS · 6.6 AI score · 0.00275 EPSS
Exploits 0 · References 8

Positive Technologies
added 2021/01/13 12:00 a.m. · 3 views

PT-2021-14648 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier. Description: The issue allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file. If the global config.xml...

8 CVSS · 7.4 AI score · 0.00628 EPSS
Exploits 0 · References 10

CNNVD
added 2021/01/13 12:00 a.m. · 2 views

Cloudbees Jenkins Code Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and some scheduled tasks. An injection vulnerability...

8 CVSS · 7.3 AI score · 0.00761 EPSS
Exploits 0 · References 8