30 matches found
Jenkins: Stored XSS vulnerability in node offline cause description
Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...
CVE-2026-53441
Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...
CVE-2026-53441
Summary: CVE-2026-53441 affects Jenkins core 2.483–2.567 and LTS 2.492.1–2.555.2, where the description field for an offline cause can be stored via the POST config.xml API, enabling stored XSS. This requires attacker permission at Agent/Configure level. What’s known from provided sources: The vu...
BIT-JENKINS-2026-27099
Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...
CVE-2026-27099
Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...
EUVD-2022-4966
Malicious code in bioql PyPI...
GHSA-2463-7265-H8R4 Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
CVE-2022-34788
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
GHSA-QG66-XV7V-M834 Stored XSS vulnerability in computer-queue-plugin Plugin
computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips...
Stored XSS vulnerability in computer-queue-plugin Plugin
computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. computer-queue-plugin Plugin 1.6 escapes the agent name in tooltips...
Stored XSS vulnerability in Matrix Project Plugin
Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...
GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin
Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...
CVE-2022-20615
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission...
Design/Logic Flaw
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file...
CVE-2021-21605
CVE-2021-21605 is a path traversal vulnerability in Jenkins where users with Agent/Configure permission can select agent names that cause Jenkins to override unrelated global config.xml files. Public details show affected versions include Jenkins 2.274 and earlier, LTS 2.263.1 and earlier; fixed ...
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips
A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins: Stored XSS vulnerability in console links
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins: Stored XSS vulnerability in upstream cause
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The upstream job's display name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to...