EUVD-2022-3658

Malicious code in bioql PyPI...

Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines. This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security...

GHSA-CX5R-P4VJ-2MQH Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines. This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)

org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...

org.jenkins-ci.plugins:build-pipeline-plugin (>=1.3.4.1 <=1.5.8), org.jenkins-ci.plugins:buildgraph-view (>=1.3.1 <=1.8) +8 more potentially affected by CVE-2017-1000084 via org.jenkins-ci.plugins:parameterized-trigger (>=2.12 <=2.33)

org.jenkins-ci.plugins:parameterized-trigger MAVEN version =2.12, =1.3.4.1, =1.3.1, =1.0, =1.9, =1.02, =1.0, =0.8.0, =0.16, =1.1, =0.6.6, =1.1.1 Source cves: CVE-2017-1000084 Source advisory: OSV:GHSA-MC22-25R3-2W9W...

CloudBees Jenkins Build Pipeline Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site scripting vulnerability exists in the CloudBees Jenkins Build Pipeline Plugin, which can be exploited by an attacker to execute client-side code...

CVE-2019-10373

A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

CVE-2019-10373

A stored cross-site scripting vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and earlier allows attackers able to edit the build pipeline description to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

PT-2019-11769 · Jenkins · Jenkins Pipeline: Build Step Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build Pipeline Plugin versions 1.5.8 and earlier Description: A stored cross-site scripting issue allows attackers who can edit the build pipeline description to inject arbitrary HTML and JavaScript into the plugin-provided web pages ...