Lucene search
+L

155 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.26 views

Incorrect Authorization in Jenkins Gerrit Trigger Plugin

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...

5.5CVSS4.4AI score0.00908EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/04 12:29 a.m.6 views

com.blazemeter.plugins:BlazeMeterJenkinsPlugin (>=1.0-beta-1 <=1.08-beta-1), com.brianfromoregon:caliper-ci (=2.1) +434 more potentially affected by CVE-2012-0324 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.424.4)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0-beta-1, =1.0, =0.1, =0.1, =0.5, =0.1, =0.6, =0.6, =1.2.2, =1.2.2, =2.3.0, =2.10.1 and more Source cves: CVE-2012-0324 Source advisory: OSV:GHSA-4W4H-8QH9-342X...

4.3CVSS5.8AI score0.01124EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/04/13 12:0 a.m.5 views

org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2022-29039 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.35.0)

com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =428.v5c962d271ba5 Source cves: CVE-2022-29039 Source advisory: OSV:GHSA-455J-8HG5-8576...

5.4CVSS6AI score0.00798EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.28 views

Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of these vulnerabilities...

5.4CVSS5.7AI score0.00798EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/04/13 12:0 a.m.27 views

GHSA-455J-8HG5-8576 Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of these vulnerabilities...

8CVSS5.7AI score0.00798EPSS
Exploits0References4
CNVD
CNVD
added 2022/04/13 12:0 a.m.23 views

Jenkins Gerrit Trigger Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS0.8AI score0.00798EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/12 8:15 p.m.2 views

CVE-2022-29039

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS6.1AI score0.00798EPSS
Exploits0References2
NVD
NVD
added 2022/04/12 8:15 p.m.25 views

CVE-2022-29039

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00798EPSS
Exploits0References1
OSV
OSV
added 2022/04/12 8:15 p.m.28 views

CVE-2022-29039

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score
Exploits0References1
Prion
Prion
added 2022/04/12 8:15 p.m.23 views

Cross site scripting

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.3AI score0.00798EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/04/12 7:50 p.m.102 views

CVE-2022-29039

CVE-2022-29039 affects Jenkins Gerrit Trigger Plugin 2.35.2 and earlier. The vulnerability is a stored XSS caused by failing to escape the name/description of Base64 Encoded String parameters on parameter views, exploitable by users with Item/Configure permission. Connected documents confirm the ...

5.4CVSS5.4AI score0.00798EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/12 7:50 p.m.31 views

CVE-2022-29039

Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.8AI score0.00798EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/04/12 12:0 a.m.4 views

PT-2022-19378 · Jenkins · Jenkins Gerrit Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.35.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin do...

8CVSS5.4AI score0.00798EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.6 views

Jenkins Gerrit Trigger Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS5.3AI score0.00798EPSS
Exploits0References4
NVD
NVD
added 2021/02/17 12:15 p.m.21 views

CVE-2021-22553

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...

7.5CVSS0.00355EPSS
Exploits0References1
OSV
OSV
added 2021/02/17 12:15 p.m.7 views

CVE-2021-22553

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...

7.5CVSS7.1AI score0.00355EPSS
Exploits0References1
Prion
Prion
added 2021/02/17 12:15 p.m.25 views

Design/Logic Flaw

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...

5CVSS7.5AI score0.00355EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/17 12:5 p.m.41 views

CVE-2021-22553 Heap Memory exhaustion in Gerrit

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...

6.5CVSS7.8AI score0.00355EPSS
Exploits0References1
CVE
CVE
added 2021/02/17 12:5 p.m.49 views

CVE-2021-22553

The CVE affects Gerrit where any git operation is proxied through Jetty, creating a session without expiry and not disposed by Jetty, enabling heap memory exhaustion on the server after multiple git actions. Affected software is Gerrit with Jetty-based session handling; root cause is non-expiring...

7.5CVSS7AI score0.00355EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/17 12:0 a.m.10 views

PT-2021-15140 · Jetty +1 · Jetty +1

Name of the Vulnerable Software and Affected Versions: Gerrit affected versions not specified Description: The issue arises when any git operation is passed through Jetty, creating a session without an expiry date. Since Jetty does not automatically dispose of the session, multiple git actions ca...

7.5CVSS7.5AI score0.00355EPSS
Exploits0References6
Rows per page
Query Builder