Lucene search
K

31 matches found

CVE
CVE
added 2022/06/22 2:41 p.m.108 views

CVE-2022-34198

The CVE-2022-34198 issue affects Jenkins Stash Branch Parameter Plugin (0.3.0 and earlier). Root cause: the plugin does not escape the name and description of Stash Branch parameters on parameter-displaying views, enabling stored XSS. Impact: attackers with Item/Configure permission can exploit s...

5.4CVSS5.2AI score0.00715EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.6 views

Jenkins Plugin Stash Branch Parameter 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS5.7AI score0.00715EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.4 views

PT-2022-22067 · Jenkins · Jenkins Stash Branch Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Stash Branch Parameter Plugin versions 0.3.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the...

8CVSS5.6AI score0.00715EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:22 p.m.22 views

GHSA-3F82-V3QW-53Q7 Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin

Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration. While the password is stored encrypted on disk, it is transmitted in plai...

3.1CVSS4.5AI score0.00657EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:22 p.m.27 views

Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin

Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration. While the password is stored encrypted on disk, it is transmitted in plai...

4.3CVSS4.8AI score0.00657EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 3:53 a.m.10 views

com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2066 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)

org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2066 Source advisory: OSV:GHSA-8JFX-H6Q2-V4G3...

6.8CVSS5.8AI score0.02061EPSS
Exploits0
CNVD
CNVD
added 2020/07/03 12:0 a.m.9 views

Unspecified Vulnerability in CloudBees Jenkins Stash Branch Parameter Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Stash Branch Parameter Plugin is used in one...

4.3CVSS6.5AI score0.00657EPSS
Exploits0
NVD
NVD
added 2020/07/02 3:15 p.m.19 views

CVE-2020-2210

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...

4.3CVSS0.00657EPSS
Exploits0References2
OSV
OSV
added 2017/06/02 2:29 p.m.4 views

UBUNTU-CVE-2017-9372

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service buffer overflow and application crash via a SIP packet with a crafted CSeq header in conjunction...

7.5CVSS7AI score0.03989EPSS
Exploits0References3
CNVD
CNVD
added 2016/07/21 12:0 a.m.4 views

Misys FusionCapital Opics Plus SQL Injection Vulnerability

Misys FusionCapital Opics Plus is an end-to-end scalable money business solution for the financial industry from Misys UK. The solution provides IAS-compliant accounting structures, foreign exchange tools and client-facing e-banking capabilities. An SQL injection vulnerability exists in Misys...

6.5CVSS8.7AI score0.0112EPSS
Exploits0References1
Prion
Prion
added 2016/07/19 10:59 p.m.11 views

Sql injection

Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the 1 ID or 2 Branch parameter...

4CVSS8.8AI score0.0112EPSS
Exploits0References2
Rows per page
Query Builder