Lucene search
K

218 matches found

RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.5 views

jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin

A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...

5.4CVSS5.9AI score0.76878EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.28 views

Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion

JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...

5.4CVSS5.3AI score0.00617EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/16 12:0 p.m.27 views

GHSA-298R-5C48-7Q2R Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion

JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links. This is done in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. JUnit Plugin 1160.vf1f01aaeab7f no long...

8CVSS6.5AI score0.00617EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/11/16 2:56 a.m.49 views

CVE-2022-45380

A flaw was found in the JUnit Jenkins Plugin. The affected version of the JUnit plugin converts HTTPS URLs in test report output to clickable links, which leads to a stored Cross-site scripting XSS attack...

8CVSS6.6AI score0.00617EPSS
Exploits0References4
NVD
NVD
added 2022/11/15 8:15 p.m.18 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.00617EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 8:15 p.m.26 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.2AI score
Exploits0References2
Prion
Prion
added 2022/11/15 8:15 p.m.31 views

Cross site scripting

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

4.9CVSS5.2AI score0.00617EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.4 views

PT-2022-27482 · Jenkins · Jenkins Junit Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JUnit Plugin versions 1159.v0b 396e1e07dd and earlier Description: The issue is related to the conversion of HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS...

8CVSS5AI score0.00617EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/11/15 12:0 a.m.4 views

Jenkins Plugin JUnit 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...

5.4CVSS5.5AI score0.00617EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.9 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.7AI score0.00617EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.38 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.5AI score0.00617EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.462 views

CVE-2022-45380

CVE-2022-45380 affects Jenkins JUnit Plugin (1159.v0b_396e1e07dd and earlier). The issue: test report output URLs are converted to HTTP(S) links in an unsafe way, enabling stored XSS. Exploitation requires Item/Configure permission. Affected versions and root cause are described in the CVE entry ...

5.4CVSS5.2AI score0.00617EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/11/15 12:0 a.m.31 views

CVE-2022-45380

Jenkins JUnit Plugin 1159.v0b396e1e07dd and earlier converts HTTPS URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.2AI score0.00617EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2022/11/08 8:0 a.m.14 views

This Week in Spring - November 8th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Ive been busy this last week! Ive been visiting with customers and talking to the community here in South East Asia. I was in Malaysia last week, and now Im in Bangkok, Thailand. Im near the end of my time here in SE Asia,...

0.2AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2022/10/26 12:0 a.m.3 views

Jenkins JUnit Plugin Cross-Site Scripting (CVE-2022-34176)

A stored cross-site scripting vulnerability exists in Jenkins JUnit Plugin. The vulnerability is due to the JUnit plugin not escaping the description parameter of the build run test result...

3.5CVSS1.7AI score0.76878EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/10/04 10:17 p.m.6 views

be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-javalite (>=3.20.0-rc-1 <=3.20.2)

com.google.protobuf:protobuf-javalite MAVEN version =3.20.0-rc-1, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...

7.5CVSS6.7AI score0.01048EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/09/21 2:3 p.m.4 views

jenkins-plugin/junit: Stored XSS vulnerability in JUnit Plugin

A flaw was found in the JUnit Jenkins plugin. The manipulation with an unknown input leads to a Cross-site scripting vulnerability, impacting the integrity. This flaw allows an attacker to inject arbitrary HTML and script code into the website...

5.4CVSS5.9AI score0.76878EPSS
Exploits0References5
Spring Security Advisories
Spring Security Advisories
added 2022/09/13 7:0 a.m.16 views

This Week in Spring - September 13th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Weve got a lot of good stuff to get to so lets dive right into it! A Bootiful Podcast: Hashicorps Rosemary Wang on securing the intersection of apps and ops with Hashicorp Vault a nice video by my colleague Dan Vega: Spring...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/07/15 12:0 a.m.336 views

Jenkins plugins Multiple Vulnerabilities (2022-06-22)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...

9.1CVSS6.6AI score0.76878EPSS
Exploits0References45
Tenable Nessus
Tenable Nessus
added 2022/07/15 12:0 a.m.196 views

Jenkins LTS < 2.332.4 / Jenkins weekly < 2.356 Multiple Vulnerabilities

According to its its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.332.4 or Jenkins weekly prior to 2.356. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting XSS vulnerabilities in Jenkins 2.355...

9.1CVSS6.6AI score0.76878EPSS
Exploits0References45
Rows per page
Query Builder