Lucene search
K

118 matches found

OSV
OSV
added 2022/05/24 5:3 p.m.32 views

GHSA-X9GC-P2QP-4P7V Missing permission check in Jenkins Build Failure Analyzer Plugin

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...

4.3CVSS4.3AI score0.00817EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:3 p.m.27 views

Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...

8.8CVSS5.7AI score0.00691EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:3 p.m.15 views

GHSA-543W-GQ76-PW7G Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin

A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...

8.8CVSS8.6AI score0.00691EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/17 3:51 a.m.10 views

Jenkins Build Failure Analyzer Plugin allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00967EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:30 a.m.25 views

Cross-site Scripting in Jenkins Build Failure Analyzer plugin

Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...

6.1CVSS4.3AI score0.01229EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/13 1:30 a.m.20 views

GHSA-7W89-QQXX-C62R Cross-site Scripting in Jenkins Build Failure Analyzer plugin

Cross-site scripting XSS vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...

6.1CVSS6.1AI score0.01229EPSS
Exploits0References3
OSV
OSV
added 2021/04/26 4:15 p.m.4 views

DEBIAN-CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with guix build, that makes its build...

5.5CVSS5.5AI score0.00334EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.30 views

SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:3037-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Adjust max memlock on mdev hotplug bsc1177480. Xen: Don't add dom0 twice...

9.3CVSS7AI score0.00529EPSS
Exploits0References11
CNVD
CNVD
added 2020/09/08 12:0 a.m.5 views

CloudBees Jenkins XSS Vulnerability (CNVD-2020-50957)

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Build Failure Analyze...

5.4CVSS6.6AI score0.00753EPSS
Exploits0References1
NVD
NVD
added 2020/09/01 2:15 p.m.17 views

CVE-2020-2244

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...

5.4CVSS5.3AI score0.00753EPSS
Exploits0References2
OSV
OSV
added 2020/09/01 2:15 p.m.18 views

CVE-2020-2244

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...

5.4CVSS5.7AI score0.00753EPSS
Exploits0References2
Prion
Prion
added 2020/09/01 2:15 p.m.21 views

Cross site scripting

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...

3.5CVSS5.3AI score0.00753EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:50 p.m.17 views

CVE-2020-2244

Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...

5.3AI score0.00753EPSS
Exploits0References2
CVE
CVE
added 2020/09/01 1:50 p.m.77 views

CVE-2020-2244

Summary: CVE-2020-2244 affects the Jenkins Build Failure Analyzer Plugin (version 1.27.0 and earlier). The vulnerability is an XSS due to unescaped matching text in a form validation response, which can be triggered by attackers who can supply console output for builds used to test build log indi...

5.4CVSS5.3AI score0.00753EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/03/26 12:0 a.m.36 views

SUSE SLES12 Security Update : python-cffi, python-cryptography (SUSE-SU-2020:0792-1)

This update for python-cffi, python-cryptography fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalizewithtag API bsc1101820. Non-security issues fixed : python-cffi was updated to 1.11.2 bsc1138748, jscECO-1256, jscPM-1598: fixed ...

7.5CVSS6.9AI score0.03196EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/03/26 12:0 a.m.36 views

SUSE SLES12 Security Update : python-cffi, python-cryptography, python-xattr (SUSE-SU-2020:0790-1)

This update for python-cffi, python-cryptography and python-xattr fixes the following issues : Security issue fixed : CVE-2018-10903: Fixed GCM tag forgery via truncated tag in finalizewithtag API bsc1101820. Non-security issues fixed : python-cffi was updated to 1.11.2 bsc1138748, jscECO-1256,...

7.5CVSS7.2AI score0.03196EPSS
Exploits0References10
Virtuozzo
Virtuozzo
added 2020/02/28 12:0 a.m.79 views

Product release: Virtuozzo Infrastructure Platform 3.5 Update 1 (3.5.1-43)

This update provides a new feature as well as fixes and improvements. Vulnerability id: VSTOR-30003 Unable to release node from cluster: 'Unable to send message to any node in ABGW cluster'. Vulnerability id: VSTOR-30135 No read/write data on dashboards if multipath is configured. Vulnerability i...

0.5AI score
Exploits0
CNVD
CNVD
added 2019/12/25 12:0 a.m.4 views

CloudBees Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A cross-site request forgery vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a WEB...

8.8CVSS6.9AI score0.00691EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/25 12:0 a.m.5 views

CloudBees Jenkins Build Failure Analyzer Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a lack of...

4.3CVSS7.1AI score0.00817EPSS
Exploits0References1
OSV
OSV
added 2019/12/17 3:15 p.m.19 views

CVE-2019-16555

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...

6.5CVSS6.6AI score
Exploits0References2
Rows per page
Query Builder