
7 matches found

OSV
added 2022/06/24 12:0 a.m. · 1 views

GHSA-6G4R-Q7QG-6QX6 Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.340, the tooltip of the build button in list views supports HTML without escaping the job display name. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356 addresses this vulnerability. The tooltip of the build button in list vie...

CVSS: 8 · AI score: 5.9 · EPSS: 0.05325
Exploits: 0 · References: 3
Github Security Blog
added 2022/06/24 12:0 a.m. · 27 views

Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.321 and LTS 2.332.1, the HTML output generated for new symbol-based SVG icons includes the title attribute of l:ionicon until Jenkins 2.334 and alt attribute of l:icon since Jenkins 2.335 without further escaping. This vulnerability is known to be exploitable by attackers with...

CVSS: 5.4 · AI score: 6.5 · EPSS: 0.0222
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2022/06/24 12:0 a.m. · 0 views

GHSA-MHP7-3393-PFQR Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.340, symbol-based icons unescape previously escaped values of tooltip parameters. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 address this vulnerability. Symbol-based icons no longer unescap...

CVSS: 8 · AI score: 6.3 · EPSS: 0.03165
Exploits: 0 · References: 3
OpenVAS
added 2022/06/24 12:0 a.m. · 25 views

Jenkins 2.320 < 2.356, 2.332.1 LTS < 2.332.4 LTS XSS Vulnerability (SECURITY-2779) - Windows

Jenkins is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...

CVSS: 5.4 · AI score: 5.5 · EPSS: 0.01837
Exploits: 0 · References: 1
OpenVAS
added 2022/06/24 12:0 a.m. · 21 views

Jenkins 2.335 < 2.356 Information Disclosure Vulnerability (SECURITY-2777) - Linux

Jenkins is prone to an information disclosure vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.01704
Exploits: 0 · References: 1
Positive Technologies
added 2022/06/22 12:0 a.m. · 2 views

PT-2022-22040 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.340 through 2.355. Description: The tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability. This issue is exploitable by attackers...

CVSS: 8 · AI score: 5.4 · EPSS: 0.05325
Exploits: 0 · References: 11
Positive Technologies
added 2022/06/22 12:0 a.m. · 2 views

PT-2022-22037 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.320 through 2.355; Jenkins LTS versions 2.332.1 through 2.332.3. Description: The help icon in Jenkins does not escape the feature name that is part of its tooltip, resulting in a cross-site scripting (XSS) vulnerability. This...

CVSS: 8 · AI score: 5.5 · EPSS: 0.01837
Exploits: 0 · References: 12