48 matches found
jenkins: Content-Security-Policy headers for files uploaded leads to XSS
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...
GeniXCMS Cross-Site Scripting Vulnerability (CNVD-2017-00738)
MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF that provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in GeniXCMS. A remote attacker can inject arbitrary web script or HTML code via build...
jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...