16 matches found
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update
Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...
CVE-2023-27898
A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting XSS...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-27898 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.37)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-27898 Source advisory: OSV:GHSA-J664-QHH4-HPF8...
CVE-2023-27898 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2023-27898 vulnerabilities
Vulnerabilities for packages: jenkins...
CVE-2023-27898
Jenkins 2.270 through 2.393 both inclusive, LTS 2.277.1 through 2.375.3 both inclusive does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting XSS...
CVE-2023-27898
Jenkins 2.270 through 2.393 both inclusive, LTS 2.277.1 through 2.375.3 both inclusive does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting XSS...
CVE-2023-27898
creationtimestamp| type| source ---|---|--- 2023-03-09 04:59:49+00:00| seen| https://t.me/KomunitiSiber/34 2023-03-09 06:16:33+00:00| published-proof-of-concept| https://t.me/ptswarm/163 2023-03-09 13:39:22+00:00| published-proof-of-concept| https://t.me/cKure/10774 2023-03-10 17:00:11+00:00| see...
Jenkins XSS Vulnerability (CVE-2023-27898) - Linux
Jenkins is prone to a cross-site scripting XSS vulnerability in plugin manager. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
Jenkins XSS Vulnerability (CVE-2023-27898) - Windows
Jenkins is prone to a cross-site scripting XSS vulnerability in plugin manager. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...
Jenkins LTS < 2.375.4 / Jenkins weekly < 2.394 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.375.4 or Jenkins weekly prior to 2.394. It is, therefore, affected by multiple vulnerabilities: - Apache Commons FileUpload before 1.5 does not limit the number of...
CVE-2023-27898
CVE-2023-27898 affects Jenkins core (versions 2.270–2.393 and LTS 2.277.1–2.375.3) where an error message rendering vendor/plugin incompatibility fails to escape the Jenkins version context. This leads to a stored cross-site scripting (XSS) vulnerability that can be triggered by attackers who can...
CVE-2023-27898
Jenkins 2.270 through 2.393 both inclusive, LTS 2.277.1 through 2.375.3 both inclusive does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting XSS...
CVE-2023-27898
Jenkins 2.270 through 2.393 both inclusive, LTS 2.277.1 through 2.375.3 both inclusive does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting XSS...
Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks
A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-3037 / CVE-2023-27898 XSS vulnerability in plugin manager Medium SECURITY-3030 / CVE-2023-24998 upstream issue, CVE-2023-27900 MultipartFormDataParser, CVE-2023-27901 StaplerRequest DoS vulnerability in bundled Apache Commons FileUpload library...