530 matches found

Github Security Blog
added 2022/07/01 12:1 a.m. · 22 views

Jenkins Project Inheritance Plugin vulnerable to cross site scripting

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVSS 5.4 · AI score 4.9 · EPSS 0.09095
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/06/30 6:15 p.m. · 1 view

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVSS 5.4 · AI score 5.7 · EPSS 0.09095
Exploits 0 · References 1

NVD
added 2022/06/30 6:15 p.m. · 20 views

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVSS 5.4 · EPSS 0.09095
Exploits 0 · References 1

ATTACKERKB
added 2022/06/30 6:15 p.m. · 1 view

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVSS 5.4 · AI score 5.8 · EPSS 0.09095
Exploits 0 · References 2

Prion
added 2022/06/30 6:15 p.m. · 15 views

Cross site scripting

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVSS 3.5 · AI score 5.2 · EPSS 0.09095
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2022/06/30 5:46 p.m. · 13 views

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

AI score 5.7 · EPSS 0.09095
Exploits 0 · References 1

CVE
added 2022/06/30 5:46 p.m. · 273 views

CVE-2022-34787

CVE-2022-34787 concerns Jenkins Project Inheritance Plugin, versions 21.04.03 and earlier. The vulnerability arises because the plugin does not escape the text explaining why a build is blocked in tooltips, enabling stored or reflected XSS if an attacker can control the blocked queue reason. Expl...

CVSS 5.4 · AI score 5.4 · EPSS 0.09095
Exploits 0 · References 1 · Affected Software 1

AlpineLinux
added 2022/06/30 5:46 p.m. · 40 views

CVE-2022-34787

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked...

CVSS 5.4 · AI score 2.8 · EPSS 0.09095
Exploits 0 · References 1

Positive Technologies
added 2022/06/30 12:0 a.m. · 2 views

PT-2022-22338 · Jenkins · Jenkins Project Inheritance Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier. Description: The issue is related to a cross-site scripting (XSS) vulnerability. It occurs because the reason a build is blocked in tooltips is not properly escaped, allowing...

CVSS 8 · AI score 5.1 · EPSS 0.09095
Exploits 0 · References 4

CNNVD
added 2022/06/30 12:0 a.m. · 1 view

Jenkins Plugin Project Inheritance cross-site scripting vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...

CVSS 5.4 · AI score 5.4 · EPSS 0.09095
Exploits 0 · References 5

OSSF Malicious Packages
added 2022/06/20 8:25 p.m. · 2 views

Malicious code in spotify-inheritance (npm)

Source: ghsa-malware 912a69093c6771b1619a7317a7afe5726cf10a080b8198fc48a9ba963ba1ae96
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1

OSV
added 2022/06/20 8:25 p.m. · 4 views

MAL-2022-6257 Malicious code in spotify-inheritance (npm)

Source: ghsa-malware 912a69093c6771b1619a7317a7afe5726cf10a080b8198fc48a9ba963ba1ae96
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1

OSSF Malicious Packages
added 2022/06/20 8:9 p.m. · 3 views

Malicious code in multiple-inheritance-rest (npm)

Source: ghsa-malware f78cfc2383f9411d2efdd19966250309bac7347c428ed4ac4034231a7997db39
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1

OSV
added 2022/06/10 11:3 a.m. · 3 views

OESA-2022-1704 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes wit...

CVSS 7.8 · AI score 6.9 · EPSS 0.00127
Exploits 0 · References 2

Code423n4
added 2022/06/02 12:0 a.m. · 9 views

Missing inheritance makes fulfillBasicOrder() in Consideration.sol non-functional

Lines of code Vulnerability details Impact fulfillBasicOrder in Consideration.sol would not function properly since the call in line 83 - validateAndFulfillBasicOrder is not possible as there's no existing function for it due to a missing inheritance. Users will not be able to fulfill any Basic...

AI score 6.8
Exploits 0

OSV
added 2022/05/26 7:15 p.m. · 2 views

CVE-2022-26694

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

CVSS 9.1 · AI score 5.8 · EPSS 0.00236
Exploits 0 · References 1

Cvelist
added 2022/05/26 6:36 p.m. · 18 views

CVE-2022-26693

This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data...

AI score 8.2 · EPSS 0.00236
Exploits 0 · References 1

Github Security Blog
added 2022/05/24 10:0 p.m. · 19 views

Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin

Jenkins Project Inheritance Plugin 19.08.02 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVSS 6.5 · AI score 6.6 · EPSS 0.00139
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/24 5:19 p.m. · 20 views

GHSA-W53Q-R5CW-6VJH Missing permission check in Jenkins Project Inheritance Plugin

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

CVSS 4.3 · AI score 6.3 · EPSS 0.00047
Exploits 0 · References 3

Github Security Blog
added 2022/05/24 5:19 p.m. · 25 views

Missing permission check in Jenkins Project Inheritance Plugin

Jenkins limits access to job configuration XML data (config.xml) to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…/getConfigAsXML for its Inheritance Project job typ...

CVSS 4.3 · AI score 4.9 · EPSS 0.00031
Exploits 0 · References 5 · Affected Software 1