7 matches found
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Currently, there are no known workarounds or patches...
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45401
CVE-2022-45401 affects Jenkins Associated Files Plugin (versions 0.2.1 and earlier). The flaw is a stored XSS due to the plugin not escaping the names of associated files, enabling an attacker with Item/Configure permission to exploit it. The public documents confirm the vulnerability exists but ...
PT-2022-27503 · Jenkins · Jenkins Associated Files Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Associated Files Plugin versions 0.2.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not properly escape the names of associated files. Attackers...
CVE-2022-45401
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...