
9 matches found

OSV
added 2022/05/24 5:46 p.m. · 18 views

GHSA-GC2R-CCFH-62V9 Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin

Micro Focus Application Automation Tools Plugin 6.7 and earlier does not escape user input in a form validation response. This results in a reflected cross-site scripting (XSS) vulnerability. Micro Focus Application Automation Tools Plugin 6.8 escapes user input in the affected form validation...

CVSS 8.8 · AI score 6 · EPSS 0.0024
Exploits 0 · References 4
OSV
added 2022/05/24 5:39 p.m. · 0 views

GHSA-MJ7Q-CMF3-MG7H Stored XSS vulnerability in Jenkins on new item page

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types. As of the publication of...

CVSS 5.4 · AI score 5.9 · EPSS 0.00319
Exploits 0 · References 4
Github Security Blog
added 2022/05/24 5:39 p.m. · 24 views

Reflected XSS vulnerability in Jenkins markup formatter preview

Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered. Jenkins 2.274 and earlier, LTS...

CVSS 6.1 · AI score 6.3 · EPSS 0.00327
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/05/24 5:39 p.m. · 31 views

Path traversal vulnerability in Jenkins agent names

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart. Jenkins...

CVSS 8 · AI score 2.2 · EPSS 0.00628
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/05/24 5:39 p.m. · 31 views

XSS vulnerability in Jenkins notification bar

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents typically shown after form submissions via Apply button. This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents. Jenkins...

CVSS 5.4 · AI score 3.8 · EPSS 0.00319
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/05/24 5:39 p.m. · 0 views

GHSA-98GQ-6HXG-52R6 XSS vulnerability in Jenkins notification bar

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents typically shown after form submissions via Apply button. This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to influence notification bar contents. Jenkins...

CVSS 5.4 · AI score 6 · EPSS 0.00319
Exploits 0 · References 4
OpenVAS
added 2021/01/28 12:0 a.m. · 33 views

Jenkins < 2.276, < 2.263.3 Arbitrary File Read Vulnerability

Jenkins is prone to an arbitrary file read vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

CVSS 5.3 · AI score 6.5 · EPSS 0.00375
Exploits 0 · References 1
Positive Technologies
added 2021/01/13 12:0 a.m. · 1 views

PT-2021-14651 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier; Jenkins LTS versions 2.263.1 and earlier. Description: The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting (XSS) vulnerability. This vulnerability can...

CVSS 5.4 · AI score 5.1 · EPSS 0.00319
Exploits 0 · References 11
Positive Technologies
added 2021/01/13 12:0 a.m. · 2 views

PT-2021-14652 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier. Description: The issue allows attackers without Overall/Read permission to access some URLs as if they had Overall/Read permission due to incorrect matching of requested URL...

CVSS 5.3 · AI score 5 · EPSS 0.00149
Exploits 0 · References 9