155 matches found
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
com.blazemeter.plugins:BlazeMeterJenkinsPlugin (>=1.0-beta-1 <=1.08-beta-1), com.brianfromoregon:caliper-ci (=2.1) +434 more potentially affected by CVE-2012-0324 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.424.4)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0-beta-1, =1.0, =0.1, =0.1, =0.5, =0.1, =0.6, =0.6, =1.2.2, =1.2.2, =2.3.0, =2.10.1 and more Source cves: CVE-2012-0324 Source advisory: OSV:GHSA-4W4H-8QH9-342X...
org.jenkins-ci.plugins:gerrit-verify-status-reporter (>=0.0.2 <=0.0.3), org.jenkins-ci.plugins:msginject (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2022-29039 via com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (>=2.14.0 <=2.35.0)
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger MAVEN version =2.14.0, =0.0.2, =0.1.0, =1.0, =428.v5c962d271ba5 Source cves: CVE-2022-29039 Source advisory: OSV:GHSA-455J-8HG5-8576...
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of these vulnerabilities...
GHSA-455J-8HG5-8576 Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of these vulnerabilities...
Jenkins Gerrit Trigger Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29039
CVE-2022-29039 affects Jenkins Gerrit Trigger Plugin 2.35.2 and earlier. The vulnerability is a stored XSS caused by failing to escape the name/description of Base64 Encoded String parameters on parameter views, exploitable by users with Item/Configure permission. Connected documents confirm the ...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-19378 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.35.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin do...
Jenkins Gerrit Trigger Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
CVE-2021-22553
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...
CVE-2021-22553
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...
Design/Logic Flaw
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...
CVE-2021-22553 Heap Memory exhaustion in Gerrit
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versio...
CVE-2021-22553
The CVE affects Gerrit where any git operation is proxied through Jetty, creating a session without expiry and not disposed by Jetty, enabling heap memory exhaustion on the server after multiple git actions. Affected software is Gerrit with Jetty-based session handling; root cause is non-expiring...
PT-2021-15140 · Jetty +1 · Jetty +1
Name of the Vulnerable Software and Affected Versions: Gerrit affected versions not specified Description: The issue arises when any git operation is passed through Jetty, creating a session without an expiry date. Since Jetty does not automatically dispose of the session, multiple git actions ca...