
72 matches found

RedHat Linux
added 2023/02/23 12:1 a.m. | 2 views

jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin

A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored cross-site scripting (XSS) attack...

CVSS 5.4 | AI score 5.6 | EPSS 0.00617
Exploits: 0 | References: 5

Github Security Blog
added 2023/02/15 3:30 p.m. | 36 views

Cross-site Scripting in Jenkins JUnit Plugin

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

CVSS 5.4 | AI score 5.3 | EPSS 0.00699
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2023/02/15 2:15 p.m. | 25 views

CVE-2023-25761

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

CVSS 5.4 | AI score 6.6 | EPSS 0.00699
Exploits: 0 | References: 2

Prion
added 2023/02/15 2:15 p.m. | 22 views

Cross site scripting

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

CVSS 4.9 | AI score 6.3 | EPSS 0.00699
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2023/02/15 1:59 p.m. | 43 views

CVE-2023-25761

A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources...

CVSS 5.4 | AI score 5.3 | EPSS 0.00699
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 4:20 a.m. | 3 views

SUSE CVE-2018-1000056

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...

CVSS 8.3 | AI score 8.2 | EPSS 0.01097
Exploits: 0 | References: 3

Cvelist
added 2023/02/15 12:0 a.m. | 24 views

CVE-2023-25761

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

AI score 5.3 | EPSS 0.00699
Exploits: 0 | References: 2

AlpineLinux
added 2023/02/15 12:0 a.m. | 40 views

CVE-2023-25761

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

CVSS 5.4 | AI score 5.5 | EPSS 0.00699
Exploits: 0 | References: 2

Vulnrichment
added 2023/02/15 12:0 a.m. | 6 views

CVE-2023-25761

Jenkins JUnit Plugin 1166.va436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin...

AI score 5.3 | EPSS 0.00699
Exploits: 0 | References: 2

CVE
added 2023/02/15 12:0 a.m. | 359 views

CVE-2023-25761

Technical details about CVE-2023-25761 are not publicly provided in the supplied documents. No concrete affected products, versions, impact, or fixes are confirmed here. Monitor for updates.

CVSS 5.4 | AI score 5 | EPSS 0.00699
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2023/02/15 12:0 a.m. | 49 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...

CVSS 9.9 | AI score 6.1 | EPSS 0.814
Exploits: 0 | References: 12

RedHat Linux
added 2023/02/08 6:41 p.m. | 25 views

jenkins-plugin/JUnit: Stored XSS vulnerability in JUnit Plugin

A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored cross-site scripting (XSS) attack...

CVSS 5.4 | AI score 5.6 | EPSS 0.00617
Exploits: 0 | References: 5

RedHat Linux
added 2023/01/12 4:49 p.m. | 5 views

jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin

A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...

CVSS 5.4 | AI score 5.9 | EPSS 0.76878
Exploits: 0 | References: 5

OSV
added 2022/11/16 12:0 p.m. | 27 views

GHSA-298R-5C48-7Q2R Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion

JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...

CVSS 8 | AI score 6.5 | EPSS 0.00617
Exploits: 0 | References: 5

Github Security Blog
added 2022/11/16 12:0 p.m. | 28 views

Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion

JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...

CVSS 5.4 | AI score 5.3 | EPSS 0.00617
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2022/11/15 8:15 p.m. | 18 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | EPSS 0.00617
Exploits: 0 | References: 2

OSV
added 2022/11/15 8:15 p.m. | 25 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 5.2
Exploits: 0 | References: 2

Prion
added 2022/11/15 8:15 p.m. | 30 views

Cross site scripting

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 4.9 | AI score 5.2 | EPSS 0.00617
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/11/15 12:0 a.m. | 36 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

AI score 5.5 | EPSS 0.00617
Exploits: 0 | References: 2

AlpineLinux
added 2022/11/15 12:0 a.m. | 31 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 | AI score 0.2 | EPSS 0.00617
Exploits: 0 | References: 2