73 matches found
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...
CVE-2020-2227
The CVE-2020-2227 entry concerns the Jenkins Deployer Framework Plugin (versions 1.2 and earlier). The vulnerability is a stored XSS caused by the plugin not escaping the URL displayed on the build home page. Impact is that an attacker could execute script in the context of an affected user’s bro...
PT-2020-15443 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 1.2 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the URL displayed in the build home page is not properly escaped. This vulnerabilit...
CloudBees Jenkins Play Framework Plugin OS Command Injection Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Play Framework Plugin is used in one of the...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
CVE-2020-2200
CVE-2020-2200 concerns the Jenkins Play Framework Plugin (versions 1.0.2 and earlier). The issue arises when a form validation endpoint lets users specify the path to the play command on the Jenkins master, enabling an OS command injection vulnerability exploitable by users who can place a file o...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
PT-2020-15414 · Jenkins · Jenkins Play Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Play Framework Plugin versions 1.0.2 and earlier Description: The issue concerns an OS command injection vulnerability. It occurs because a form validation endpoint in the Play Framework Plugin executes the play command to validate a...
CloudBees Jenkins Robot Framework Plugin Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Robot...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2020-2092
CVE-2020-2092 affects Jenkins Robot Framework Plugin (versions ≤ 2.0.0). The issue is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, enabling users with Job/Configure to submit crafted XML documents that may expose secrets, enable SSRF, or cause denial of serv...