RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2020:3541)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3541 advisory. - jenkins-jira-plugin: plugin information disclosure CVE-2019-16541 - openshift-ansible: cors allowed origin allows changing url...
RHCOS 4 : OpenShift Container Platform 4.6.1 (RHSA-2020:4297)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4297 advisory. - jenkins-jira-plugin: plugin information disclosure CVE-2019-16541 - jenkins-2-plugins/mailer: Missing hostname validation in Maile...
CVE-2023-49653
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...
EUVD-2022-3327
Malicious code in bioql PyPI...
EUVD-2022-3816
Malicious code in bioql PyPI...
EUVD-2023-3018
Malicious code in bioql PyPI...
The vulnerability of the Jenkins JIRA plugin, related to deficiencies in access control, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the Jenkins JIRA plugin is related to deficiencies in access control, resulting from incorrect context determination for searching user credentials. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2023-24438
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
Jira: Stored XSS vulnerabilities in Jenkins Jira plugin
A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with...
CVE-2022-29041
Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-19381 · Jenkins · Jenkins Jira Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Jira Plugin versions 3.7 and earlier, except version 3.6.1 Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Jira Plugin does not escape the name and description of Jir...
Jenkins Jira Plugin cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that suffers from a cross-site scripting vulnerability that stems from the application not escaping the names and descriptions of the Jira Issue and Jira Release Version...
CVE-2022-28136
A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
jenkins-jira-plugin: plugin information disclosure
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct folder scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 package security update
An update for jenkins-2-plugins, openshift-clients, podman, runc, and skopeo is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Information Disclosure
jenkins-jira-plugin is vulnerable to information disclosure. The scope for per-folder Jira site definitions is not properly declared, allowing users to select and use credentials with System scope...
The vulnerability of the Jenkins JIRA plugin, related to deficiencies in the separation of controlled areas within the system, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins JIRA plugin is related to deficiencies in the system’s controlled areas. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
PT-2019-4454 · Jenkins · Jenkins Jira Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JIRA Plugin versions 3.0.10 and earlier Description: The issue is related to the incorrect declaration of the scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. This can lead to...