Lucene search

57 matches found

OSV
added 2022/05/24 4:55 p.m. · 12 views

GHSA-88QJ-3Q6H-8M5Q Jenkins Build Environment Plugin vulnerable to Cross-site Scripting

Build Environment Plugin did not escape values of environment variables shown on its views. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the values of build environment variables, typically users with Job/Configure or Job/Build permission. Jenkins...

5.4 CVSS · 5.2 AI score · 0.00688 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/05/24 4:55 p.m. · 29 views

Jenkins Build Environment Plugin vulnerable to Cross-site Scripting

Build Environment Plugin did not escape values of environment variables shown on its views. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the values of build environment variables, typically users with Job/Configure or Job/Build permission. Jenkins...

5.4 CVSS · 2.9 AI score · 0.00688 EPSS
Exploits 0 · References 5 · Affected Software 1

vulnersOsv
added 2022/05/17 3:53 a.m. · 6 views

com.amazonaws:codedeploy (=1.15), com.aspectsecurity.automationservices.plugins.jenkins:ibm-security-appscansource-scanner (>=1.0.3 <=1.0.5) +332 more potentially affected by CVE-2014-3663 via org.jenkins-ci.main:jenkins-core (>=1.566 <=1.582)

org.jenkins-ci.main:jenkins-core MAVEN version =1.566, =1.0.3, =1.0.0, =2.2.0, =2.0, =8.5.0, =1.2, =1.29, =1.0, =1.0, =1.00, =1.2 and more Source cves: CVE-2014-3663 Source advisory: OSV:GHSA-64MC-2M9P-23C8...

6 CVSS · 7.2 AI score · 0.01384 EPSS
Exploits 0

Kitploit
added 2020/02/29 12:30 p.m. · 116 views

IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt

The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP:...

7.5 AI score
Exploits 0 · References 3

NVD
added 2019/09/12 2:15 p.m. · 35 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.4 CVSS · 5.3 AI score · 0.00688 EPSS
Exploits 0 · References 2

OSV
added 2019/09/12 2:15 p.m. · 6 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.4 CVSS · 6 AI score
Exploits 0 · References 2

Prion
added 2019/09/12 2:15 p.m. · 17 views

Cross site scripting

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

3.5 CVSS · 5.2 AI score · 0.00688 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/09/12 1:55 p.m. · 30 views

CVE-2019-10395

Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...

5.3 AI score · 0.00688 EPSS
Exploits 0 · References 2

CVE
added 2019/09/12 1:55 p.m. · 84 views

CVE-2019-10395

CVE-2019-10395 affects the Jenkins Build Environment Plugin (versions ≤ 1.6) and relates to a cross-site scripting (XSS) vulnerability caused by not escaping values of environment variables shown in plugin views. The issue could be exploited by users who can modify various job/build properties. P...

5.4 CVSS · 5.2 AI score · 0.00688 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/09/12 12:0 a.m. · 5 views

PT-2019-11789 · Cloudbees +1 · Jenkins Build Environment Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.146; Jenkins Build Environment Plugin versions 1.6 and earlier. Description: The issue is related to a cross-site scripting vulnerability. It occurs because the Jenkins Build Environment Plugin did not properly escap...

5.4 CVSS · 5.1 AI score · 0.00688 EPSS
Exploits 0 · References 5

Veracode
added 2019/01/15 9:11 a.m. · 29 views

Remote Injection Attacks

Jenkins is vulnerable to remote injection attacks. The vulnerability exists as Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

4.3 CVSS · 6.9 AI score · 0.02124 EPSS
Exploits 0 · References 8 · Affected Software 31

Prion
added 2016/05/17 2:8 p.m. · 22 views

Code injection

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

4 CVSS · 6.6 AI score · 0.02124 EPSS
Exploits 0 · References 5 · Affected Software 2

Cvelist
added 2016/05/17 12:0 a.m. · 36 views

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

6.5 AI score · 0.02124 EPSS
Exploits 0 · References 6

n0where
added 2015/01/20 2:25 a.m. · 34 views

Parse Various Log Files: Plaso

Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines. The goal of log2timeline and thus plaso is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...

7 AI score
Exploits 0 · References 1

Atlassian
added 2009/04/09 1:34 a.m. · 18 views

Update JIRA certificate for Screenshot Applet and others. It expires in June 2009

See https://extranet.atlassian.com/jira/browse/ADM-3253 Move Steves branch into trunk in the process. Also I think the build environment might need direct updating...

1.5 AI score
Exploits 0 · Affected Software 1

Atlassian
added 2009/04/09 1:34 a.m. · 21 views

Update JIRA certificate for Screenshot Applet and others. It expires in June 2009

See https://extranet.atlassian.com/jira/browse/ADM-3253 Move Steves branch into trunk in the process. Also I think the build environment might need direct updating...

1.5 AI score
Exploits 0 · Affected Software 1

Gentoo Linux
added 2005/10/17 12:0 a.m. · 39 views

Perl, Qt-UnixODBC, CMake: RUNPATH issues

Background: Perl is a stable, cross-platform programming language created by Larry Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform build environment. Description: Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtim...

7.2 CVSS · 6.3 AI score · 0.00521 EPSS
Exploits 0