57 matches found
GHSA-88QJ-3Q6H-8M5Q Jenkins Build Environment Plugin vulnerable to Cross-site Scripting
Build Environment Plugin did not escape values of environment variables shown on its views. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the values of build environment variables, typically users with Job/Configure or Job/Build permission. Jenkins...
com.amazonaws:codedeploy (=1.15), com.aspectsecurity.automationservices.plugins.jenkins:ibm-security-appscansource-scanner (>=1.0.3 <=1.0.5) +332 more potentially affected by CVE-2014-3663 via org.jenkins-ci.main:jenkins-core (>=1.566 <=1.582)
org.jenkins-ci.main:jenkins-core MAVEN version =1.566, =1.0.3, =1.0.0, =2.2.0, =2.0, =8.5.0, =1.2, =1.29, =1.0, =1.0, =1.00, =1.2 and more Source cves: CVE-2014-3663 Source advisory: OSV:GHSA-64MC-2M9P-23C8...
IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt
The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP:...
CVE-2019-10395
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...
Cross site scripting
Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties...
CVE-2019-10395
CVE-2019-10395 affects the Jenkins Build Environment Plugin (versions ≤ 1.6) and relates to a cross-site scripting (XSS) vulnerability caused by not escaping values of environment variables shown in plugin views. The issue could be exploited by users who can modify various job/build properties. P...
PT-2019-11789 · Cloudbees +1 · Jenkins Build Environment Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.146; Jenkins Build Environment Plugin versions 1.6 and earlier. Description: The issue is related to a cross-site scripting vulnerability. It occurs because the Jenkins Build Environment Plugin did not properly escap...
Remote Injection Attacks
Jenkins is vulnerable to remote injection attacks. The vulnerability exists because Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
Code injection
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
Parse Various Log Files: Plaso
Plaso is the Python-based back-end engine used by tools such as log2timeline for the automatic creation of super timelines. The goal of log2timeline, and thus Plaso, is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...
Update JIRA certificate for Screenshot Applet and others. It expires in June 2009
See https://extranet.atlassian.com/jira/browse/ADM-3253. Move Steve's branch into trunk in the process. Also, I think the build environment might need direct updating...
Perl, Qt-UnixODBC, CMake: RUNPATH issues
Background: Perl is a stable, cross-platform programming language created by Larry Wall. Qt-UnixODBC is an ODBC library for Qt. CMake is a cross-platform build environment. Description: Some packages may introduce insecure paths into the list of directories that are searched for libraries at runtim...