332 matches found

Github Security Blog
added 2022/05/13 1:30 a.m. · 6 views

Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI

XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...

CVSS 5 · AI score 6.7 · EPSS 0.02291
Exploits 0 · References 6 · Affected Software 1

Github Security Blog
added 2022/05/13 1:15 a.m. · 19 views

Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information

Jenkins Cloud Foundry Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...

CVSS 8.8 · AI score 6.5 · EPSS 0.01348
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2022/05/13 1:15 a.m. · 19 views

Jenkins Slack Notification Plugin missing permission check

Jenkins Slack Notification Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS 7.5 · AI score 6.5 · EPSS 0.0146
Exploits 0 · References 6 · Affected Software 1

Github Security Blog
added 2022/02/16 12:1 a.m. · 31 views

Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 · AI score 4.2 · EPSS 0.00796
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/02/15 5:15 p.m. · 4 views

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 1

ATTACKERKB
added 2022/02/15 5:15 p.m. · 10 views

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 2

NVD
added 2022/02/15 5:15 p.m. · 25 views

CVE-2022-25210

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 6.5 · EPSS 0.00796
Exploits 0 · References 1

Prion
added 2022/02/15 5:15 p.m. · 15 views

Design/Logic Flaw

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static fields to store job configuration information, allowing attackers with Item/Configure permission to capture passwords of the jobs that will be configured...

CVSS 4 · AI score 6.3 · EPSS 0.00796
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2021/06/16 12:00 a.m. · 7 views

PT-2021-14710 · Jenkins · Jenkins Scriptler Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 3.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This is due to the plugin not escaping parameter names shown in job configuration forms. Attackers with...

CVSS 5.4 · AI score 5.2 · EPSS 0.75742
Exploits 0 · References 6

RedhatCVE
added 2021/06/13 1:4 a.m. · 98 views

CVE-2020-2161

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

CVSS 5.4 · AI score 2.7 · EPSS 0.01237
Exploits 0 · References 4

Positive Technologies
added 2020/11/04 12:00 a.m. · 5 views

PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...

CVSS 6.5 · AI score 6.4 · EPSS 0.01032
Exploits 0 · References 7

OSV
added 2020/09/16 2:15 p.m. · 16 views

CVE-2020-2263

Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

CVSS 5.4 · AI score 5.5
Exploits 0 · References 2

Veracode
added 2020/08/06 9:33 p.m. · 22 views

Cross-site Scripting (XSS)

jenkins is vulnerable to cross-site scripting XSS. The vulnerability exists as Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages...

CVSS 5.4 · AI score 1.7 · EPSS 0.01237
Exploits 0 · References 2 · Affected Software 27

Positive Technologies
added 2020/07/02 12:00 a.m. · 9 views

PT-2020-15422 · Jenkins · Jenkins Slack Upload Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Slack Upload Plugin versions 1.7 and earlier Description: The issue allows users with Extended Read permission, or access to the master file system, to view a secret stored unencrypted in job config.xml files on the Jenkins master...

CVSS 4.3 · AI score 4.3 · EPSS 0.00691
Exploits 0 · References 7

Positive Technologies
added 2020/07/02 12:00 a.m. · 6 views

PT-2020-15428 · Jenkins · Jenkins White Source Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins White Source Plugin versions 19.1.1 and earlier Jenkins White Source Plugin versions prior to 20.8.1 Description: The issue allows credentials to be stored unencrypted in the global configuration file and in job config.xml files on th...

CVSS 4.3 · AI score 4.3 · EPSS 0.00691
Exploits 0 · References 8

RedHat Linux
added 2020/06/17 8:23 p.m. · 4 views

jenkins: XSS in job configuration pages

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

CVSS 5.4 · AI score 6.1 · EPSS 0.01237
Exploits 0 · References 5

RedHat Linux
added 2020/06/17 7:44 p.m. · 2 views

jenkins: XSS in job configuration pages

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

CVSS 5.4 · AI score 6.1 · EPSS 0.01237
Exploits 0 · References 5

RedHat Linux
added 2020/06/17 7:38 p.m. · 4 views

jenkins: XSS in job configuration pages

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

CVSS 5.4 · AI score 6.1 · EPSS 0.01237
Exploits 0 · References 5

Positive Technologies
added 2020/06/03 12:00 a.m. · 6 views

PT-2020-15411 · Jenkins · Jenkins Project Inheritance Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier Jenkins Project Inheritance Plugin version 19.08.02 and earlier Description: The issue allows access to Inheritance Project job configurations in XML format without requiring th...

CVSS 4.3 · AI score 4.3 · EPSS 0.00647
Exploits 0 · References 5

OSV
added 2020/03/25 5:15 p.m. · 17 views

CVE-2020-2161

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

CVSS 5.4 · AI score 5.6
Exploits 0 · References 2