Lucene search
K

64 matches found

alpinelinux
alpinelinux
added 2023/09/06 12:8 p.m.24 views

CVE-2023-41930

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...

4.3CVSS6.9AI score0.0076EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/09/06 12:0 a.m.6 views

PT-2023-28171 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier Description: The issue is related to the configuration of the XML parser in the Jenkins Job Configuration History Plugin, which does not prevent XML external...

8.8CVSS8.3AI score0.0075EPSS
Exploits0References10
cnnvd
cnnvd
added 2023/09/06 12:0 a.m.5 views

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

8.8CVSS6.9AI score0.0075EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/09/06 12:0 a.m.4 views

Jenkins Plugin Job Configuration History Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS6.7AI score0.0076EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/09/06 12:0 a.m.5 views

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.8AI score0.00555EPSS
Exploits0References4
osv
osv
added 2022/08/24 12:0 a.m.30 views

GHSA-28W4-H56G-GRG7 Cross-site Scripting in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.4CVSS5.3AI score0.0059EPSS
Exploits0References5
github
github
added 2022/08/24 12:0 a.m.26 views

Cross-site Scripting in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.4CVSS4.9AI score0.0059EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2022/08/23 5:15 p.m.31 views

CVE-2022-38664

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.4CVSS0.0059EPSS
Exploits0References2
cvelist
cvelist
added 2022/08/23 4:45 p.m.29 views

CVE-2022-38664

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.5AI score0.0059EPSS
Exploits0References2
euvd
euvd
added 2022/08/23 4:45 p.m.9 views

EUVD-2022-6457

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure job names...

5.4CVSS5.2AI score0.0059EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2022/08/23 12:0 a.m.4 views

PT-2022-24514 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1165.v8cc9fd1f4597 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the job name on the System Configuration History page is n...

5.4CVSS5.1AI score0.0059EPSS
Exploits0References7
cnnvd
cnnvd
added 2022/08/23 12:0 a.m.8 views

Jenkins Job Configuration History Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...

5.4CVSS5.3AI score0.0059EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2022/08/10 12:0 a.m.7 views

The vulnerability of the Jenkins Job Configuration History Plugin, related to the manipulation of cross-site requests, allows a perpetrator to carry out a CSRF attack.

The vulnerability of the Jenkins Job Configuration History Plugin is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

5CVSS5.2AI score0.00362EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/07/28 12:0 a.m.30 views

GHSA-J896-J72W-CR32 Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints

Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to delete entries from job, agent, and system configuration histor...

4.3CVSS5.2AI score0.00362EPSS
Exploits0References4
github
github
added 2022/07/28 12:0 a.m.33 views

Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints

Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery CSRF vulnerabilities. These vulnerabilities allow attackers to delete entries from job, agent, and system configuration histor...

4.3CVSS5.3AI score0.00362EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2022/07/27 3:15 p.m.18 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS0.00362EPSS
Exploits0References2
osv
osv
added 2022/07/27 3:15 p.m.2 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS5.7AI score0.00362EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/07/27 3:15 p.m.5 views

CVE-2022-36887

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS5.6AI score0.00362EPSS
Exploits0References3
prion
prion
added 2022/07/27 3:15 p.m.25 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...

4.3CVSS4.6AI score0.00362EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/07/27 2:22 p.m.92 views

CVE-2022-36887

CVE-2022-36887 is a CSRF vulnerability in Jenkins Job Configuration History Plugin (versions up to 1155.v28a_46a_cc06a_5). The issue allows an attacker to delete entries from job, agent, and system configuration history or restore older configurations by convincing a user to perform unwanted acti...

4.3CVSS4.5AI score0.00362EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder