332 matches found
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information
\Jenkins Cloud Foundry Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
Jenkins Slack Notification Plugin missing permission check
Jenkins Slack Notification Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
CVE-2022-25210
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
CVE-2022-25210
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
CVE-2022-25210
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
Design/Logic Flaw
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...
PT-2021-14710 · Jenkins · Jenkins Scriptler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 3.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This is due to the plugin not escaping parameter names shown in job configuration forms. Attackers with...
CVE-2020-2161
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...
CVE-2020-2263
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Cross-site Scripting (XSS)
jenkins is vulnerable to cross-site scripting XSS. The vulnerability exists as Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages...
PT-2020-15422 · Jenkins · Jenkins Slack Upload Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Upload Plugin versions 1.7 and earlier Description: The issue allows users with Extended Read permission, or access to the master file system, to view a secret stored unencrypted in job config.xml files on the Jenkins master...
PT-2020-15428 · Jenkins · Jenkins White Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins White Source Plugin versions 19.1.1 and earlier Jenkins White Source Plugin versions prior to 20.8.1 Description: The issue allows credentials to be stored unencrypted in the global configuration file and in job config.xml files on th...
jenkins: XSS in job configuration pages
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
jenkins: XSS in job configuration pages
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
jenkins: XSS in job configuration pages
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...
PT-2020-15411 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier Jenkins Project Inheritance Plugin version 19.08.02 and earlier Description: The issue allows access to Inheritance Project job configurations in XML format without requiring th...
CVE-2020-2161
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...