218 matches found
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...
GHSA-298R-5C48-7Q2R Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...
CVE-2022-45380
A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored Cross-site scripting XSS attack...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-27482 · Jenkins · Jenkins Junit Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JUnit Plugin versions 1159.v0b 396e1e07dd and earlier Description: The issue is related to the conversion of HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS...
Jenkins Plugin JUnit 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-45380
CVE-2022-45380 affects Jenkins JUnit Plugin (1159.v0b_396e1e07dd and earlier). The issue: test report output URLs are converted to HTTP(S) links in an unsafe way, enabling stored XSS. Exploitation requires Item/Configure permission. Affected versions and root cause are described in the CVE entry ...
CVE-2022-45380
Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
This Week in Spring - November 8th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Ive been busy this last week! Ive been visiting with customers and talking to the community here in South East Asia. I was in Malaysia last week, and now Im in Bangkok, Thailand. Im near the end of my time here in SE Asia,...
Jenkins JUnit Plugin Cross-Site Scripting (CVE-2022-34176)
A stored cross-site scripting vulnerability exists in Jenkins JUnit Plugin. The vulnerability is due to the JUnit plugin not escaping the description parameter of the build run test result...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-javalite (>=3.20.0-rc-1 <=3.20.2)
com.google.protobuf:protobuf-javalite MAVEN version =3.20.0-rc-1, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...
This Week in Spring - September 13th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Weve got a lot of good stuff to get to so lets dive right into it! A Bootiful Podcast: Hashicorps Rosemary Wang on securing the intersection of apps and ops with Hashicorp Vault a nice video by my colleague Dan Vega: Spring...
Jenkins plugins Multiple Vulnerabilities (2022-06-22)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...
Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities
According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...