118 matches found
GHSA-X9GC-P2QP-4P7V Missing permission check in Jenkins Build Failure Analyzer Plugin
A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...
GHSA-543W-GQ76-PW7G Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...
Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
GHSA-7W89-QQXX-C62R Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
DEBIAN-CVE-2021-27851
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...
SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:3037-1)
This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Adjust max memlock on mdev hotplug bsc1177480. Xen: Don't add dom0 twice...
CloudBees Jenkins XSS Vulnerability (CNVD-2020-50957)
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Build Failure Analyze...
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...
Cross site scripting
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...
CVE-2020-2244
Summary: CVE-2020-2244 affects the Jenkins Build Failure Analyzer Plugin (version 1.27.0 and earlier). The vulnerability is an XSS due to unescaped matching text in a form validation response, which can be triggered by attackers who can supply console output for builds used to test build log indi...
SUSE SLES12 Security Update : python-cffi, python-cryptography (SUSE-SU-2020:0792-1)
This update for python-cffi, python-cryptography fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalizewithtag API bsc1101820. Non-security issues fixed : python-cffi was updated to 1.11.2 bsc1138748, jscECO-1256, jscPM-1598: fixed ...
SUSE SLES12 Security Update : python-cffi, python-cryptography, python-xattr (SUSE-SU-2020:0790-1)
This update for python-cffi, python-cryptography and python-xattr fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalizewithtag API bsc1101820. Non-security issues fixed : python-cffi was updated to 1.11.2 bsc1138748, jscECO-1256,...
Product release: Virtuozzo Infrastructure Platform 3.5 Update 1 (3.5.1-43)
This update provides a new feature as well as fixes and improvements. Vulnerability id: VSTOR-30003 Unable to release node from cluster: 'Unable to send message to any node in ABGW cluster'. Vulnerability id: VSTOR-30135 No read/write data on dashboards if multipath is configured. Vulnerability i...
CloudBees Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site request forgery vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a WEB...
CloudBees Jenkins Build Failure Analyzer Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a lack of...
CVE-2019-16555
A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...