72 matches found
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
CVE-2022-45380 affects Jenkins JUnit Plugin (1159.v0b_396e1e07dd and earlier). The issue: test report output URLs are converted to HTTP(S) links in an unsafe way, enabling stored XSS. Exploitation requires Item/Configure permission. Affected versions and root cause are described in the CVE entry ...
Jenkins Plugin JUnit Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is an application software. A cross-site scripting...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Jenkins JUnit Plugin Cross-Site Scripting (CVE-2022-34176)
A stored cross-site scripting vulnerability exists in Jenkins JUnit Plugin. The vulnerability is due to the JUnit plugin not escaping the description parameter of the build run test result...
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities in Jenkins 2.355...
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
According to their self-reported version numbers, the versions of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...
Cross-site Scripting in Jenkins JUnit Plugin
JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptio...
GHSA-64MJ-3P92-589V Cross-site Scripting in Jenkins JUnit Plugin
JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. JUnit Plugin 1119.1121.vc43d0fc45561 applies the configured markup formatter to descriptio...
Jenkins JUnit Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins JUnit Plugin 1119.vaa5e9068dad7...
CVE-2022-34176
Jenkins JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission...
CVE-2022-34176
Jenkins JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission...
Cross site scripting
Jenkins JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission...
CVE-2022-34176
Jenkins JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission...
CVE-2022-34176
CVE-2022-34176 affects Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier. The issue is a stored cross-site scripting (XSS) vulnerability caused by the plugin not escaping descriptions of test results, enabling exploitation by attackers with Run/Update permission. Public reports show a Medium...
GHSA-4RJ6-9PJH-882R Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
GHSA-X9GM-M8PP-54VX Jenkins JUnit Plugin CSRF vulnerability
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result...
Jenkins JUnit Plugin CSRF vulnerability
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result...
CVE-2018-1000411
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result...