EUVD-2022-5612
Malicious code in bioql PyPI...
FreeBSD : jenkins -- multiple vulnerabilities (45276ea6-1653-4240-9986-ccfc6fec7ece)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 45276ea6-1653-4240-9986-ccfc6fec7ece advisory. Jenkins Security Advisory: Missing permission check allows retrieving agent configurations...
Moderate: Red Hat Bug Fix Advisory: Release of Bug Advisories for the OpenShift Jenkins and Jenkins agent base image
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image...
Moderate: Red Hat Bug Fix Advisory: Release of Bug Advisories for the Jenkins image and Jenkins agent base image
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image...
GHSA-8847-XVJW-9G43 XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
OSF Builder Suite : : XML Linter 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML files that get processed by the 'OSF Builder Suite : : XML Linter' build step to have agent processes parse a crafted file tha...
GHSA-H4WX-78P9-FWXW XXE vulnerability on agents in Jenkins SourceMonitor Plugin
SourceMonitor Plugin 0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control XML input files for the 'Publish SourceMonitor results' post-build step to have agent processes parse a crafted file that uses external entities...
Cross-site Scripting in Jenkins Agent Server Parameter Plugin
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Cross-site scripting
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34183
CVE-2022-34183 : Jenkins Agent Server Parameter Plugin (versions ≤1.1) is vulnerable to a stored cross-site scripting (XSS) flaw. The name and description of Agent Server parameters are not escaped on parameter-display views, allowing attackers with Item/Configure permission to inject script via ...
GHSA-M9HR-259F-2V23 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...
Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference
An XML external entity (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. Note: Jenkins ha...
Information Disclosure
jenkins-2-plugins is vulnerable to information disclosure. The vulnerability exists due to the lack of restriction of the name of a file when looking up a subversion key file on the controller from an agent...
CVE-2020-10138
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can...
CVE-2019-10337
An XML external entity (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
XML External Entity (XXE)
Jenkins Token Macro Plugin is vulnerable to XML external entity attacks. A remote, unauthenticated attacker could control the content of the input file for the "XML" macro to have Jenkins resolve external entities and exploit the flawed XML Data Handler component, resulting in the extraction of...
CVE-2019-10337
CVE-2019-10337 concerns an XML External Entity (XXE) vulnerability in the Jenkins Token Macro Plugin (versions 2.7 and earlier). The root cause is XXE processing when the ${XML} macro processes input, allowing an attacker who can influence the input file to trigger external entity resolution. Doc...