50 matches found
CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
CVE-2019-10349
The CVE-2019-10349 issue affects Jenkins Dependency Graph View Plugin (≤0.13). The root cause is a stored XSS vulnerability in the plugin’s Configure module where the Display Name field can be exploited to inject arbitrary HTML/JavaScript into plugin-provided Jenkins pages. Impact per sources is ...
PT-2019-11748 · Jenkins · Jenkins Dependency Graph Viewer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dependency Graph Viewer Plugin versions 0.13 and earlier Description: A stored cross site scripting issue allows attackers who can configure jobs in Jenkins to inject arbitrary HTML and JavaScript into the plugin-provided web pages in...
CloudBees Jenkins Dependency Graph Viewer plugin unauthorized modification vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Dependency Graph Viewer is used in o...
CVE-2017-1000388
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...
Code injection
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...
CVE-2017-1000388
Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...
CVE-2017-1000388
The CVE-2017-1000388 entry concerns the Jenkins Dependency Graph Viewer plugin (version 0.12 and earlier). The root cause is missing permission checks on the API endpoint that modifies the dependency graph, allowing any user with Overall/Read permission to modify the data. This description is sup...
bugzilla: cross-site scripting
An attacker can craft a malicious summary within a bug report to host malicious javascript code. This code will be served to a user when he or she navigates to the bug's dependency graph...
Bugzilla security issues
Bugzilla Security Advisory During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap...