Lucene search
K

50 matches found

Cvelist
Cvelist
added 2019/07/11 1:55 p.m.32 views

CVE-2019-10349

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

5.1AI score0.03885EPSS
Exploits5References4
CVE
CVE
added 2019/07/11 1:55 p.m.90 views

CVE-2019-10349

The CVE-2019-10349 issue affects Jenkins Dependency Graph View Plugin (≤0.13). The root cause is a stored XSS vulnerability in the plugin’s Configure module where the Display Name field can be exploited to inject arbitrary HTML/JavaScript into plugin-provided Jenkins pages. Impact per sources is ...

5.4CVSS5AI score0.03885EPSS
Exploits5References4Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/11 12:0 a.m.4 views

PT-2019-11748 · Jenkins · Jenkins Dependency Graph Viewer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dependency Graph Viewer Plugin versions 0.13 and earlier Description: A stored cross site scripting issue allows attackers who can configure jobs in Jenkins to inject arbitrary HTML and JavaScript into the plugin-provided web pages in...

5.4CVSS5AI score0.03885EPSS
Exploits5References11
CNVD
CNVD
added 2018/02/02 12:0 a.m.3 views

CloudBees Jenkins Dependency Graph Viewer plugin unauthorized modification vulnerability

CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Dependency Graph Viewer is used in o...

4.3CVSS7AI score0.0063EPSS
Exploits0References1
NVD
NVD
added 2018/01/26 2:29 a.m.17 views

CVE-2017-1000388

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

4.3CVSS4.6AI score0.0063EPSS
Exploits0References1
Prion
Prion
added 2018/01/26 2:29 a.m.20 views

Code injection

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

4CVSS4.6AI score0.0063EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/01/26 2:29 a.m.18 views

CVE-2017-1000388

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

4.3CVSS4.9AI score
Exploits0References1
CVE
CVE
added 2018/01/26 2:0 a.m.51 views

CVE-2017-1000388

The CVE-2017-1000388 entry concerns the Jenkins Dependency Graph Viewer plugin (version 0.12 and earlier). The root cause is missing permission checks on the API endpoint that modifies the dependency graph, allowing any user with Overall/Read permission to modify the data. This description is sup...

4.3CVSS4.5AI score0.0063EPSS
Exploits0References1Affected Software1
ArchLinux
ArchLinux
added 2016/05/19 12:0 a.m.28 views

bugzilla: cross-site scripting

An attacker can craft a malicious summary within a bug report to host malicious javascript code. This code will be served to a user when he or she navigates to the bug's dependency graph...

0.9AI score0.01483EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/12/22 12:0 a.m.40 views

Bugzilla security issues

Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...

4.7CVSS5.9AI score0.01906EPSS
Exploits2References2
Rows per page
Query Builder