Lucene search
+L

155 matches found

CNVD
CNVD
added 2020/10/21 12:0 a.m.5 views

CloudBees Jenkins Copy data to workspace Plugin Arbitrary File Read Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An arbitrary file read...

6.5CVSS6.9AI score0.01704EPSS
Exploits0References1
NVD
NVD
added 2020/10/08 1:15 p.m.38 views

CVE-2020-2290

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS0.00903EPSS
Exploits0References2
NVD
NVD
added 2020/10/08 1:15 p.m.27 views

CVE-2020-2289

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS0.00911EPSS
Exploits0References2
OSV
OSV
added 2020/10/08 1:15 p.m.19 views

CVE-2020-2290

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/10/08 12:0 a.m.9 views

PT-2020-15519 · Jenkins · Jenkins Active Choices Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Active Choices Plugin versions 2.4 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because the name and description of build parameters are not properly escaped. This vulnerability can be...

5.4CVSS5.2AI score0.00911EPSS
Exploits0References8
CNVD
CNVD
added 2020/09/18 12:0 a.m.5 views

CloudBees Jenkins Perfecto Arbitrary Command Execution Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Perfecto plugin versi...

8.8CVSS7.3AI score0.01357EPSS
Exploits0References1
NVD
NVD
added 2020/09/16 2:15 p.m.22 views

CVE-2020-2270

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS0.0072EPSS
Exploits0References2
OSV
OSV
added 2020/09/16 2:15 p.m.18 views

CVE-2020-2266

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.5AI score
Exploits0References2
Prion
Prion
added 2020/09/16 2:15 p.m.10 views

Cross site scripting

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

3.5CVSS5.3AI score0.00735EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/16 1:20 p.m.63 views

CVE-2020-2263

The CVE-2020-2263 entry concerns Jenkins Radiator View Plugin (versions ≤ 1.29). The issue is a stored XSS caused by the plugin not escaping the full job name in tooltips, which could be exploited by attackers who have Job/Configure permission. The vulnerability affects the plugin as described in...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.7 views

PT-2020-15491 · Jenkins · Jenkins Description Column Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Description Column Plugin versions 1.3 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the job description in the column tooltip is not properly escaped. Attackers wit...

8CVSS5.1AI score0.00735EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.8 views

PT-2020-15504 · Jenkins · Jenkins Copy Data To Workspace Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Copy data to workspace Plugin versions 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to read arbitrary files on the Jenkins controller due to a lack of limitation on which directories can be...

6.5CVSS6.3AI score0.01704EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.7 views

PT-2020-15486 · Jenkins · Jenkins Perfecto Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier Description: The issue allows attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. This is possible because the Perfecto Plugin executes a command on th...

8.8CVSS8.8AI score0.01357EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.6 views

PT-2020-15481 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 3.9.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the upstream job's display name shown as part of a build cause is not...

5.4CVSS5.1AI score0.00735EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.7 views

PT-2020-15505 · Jenkins · Jenkins Selection Tasks Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Selection tasks Plugin version 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running a...

9CVSS8.8AI score0.01623EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.6 views

PT-2020-15488 · Jenkins · Jenkins Radiator View Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Radiator View Plugin versions 1.29 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the full name of jobs in tooltips is not properly escaped, allowing attackers with...

8CVSS5.2AI score0.00735EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.8 views

PT-2020-15507 · Jenkins · Jenkins Storable Configs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content, due to the lack of...

6.5CVSS6.3AI score0.01414EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/08/27 10:15 a.m.9 views

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

5.4CVSS6.9AI score0.00919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/18 5:4 a.m.5 views

jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

5.4CVSS6.9AI score0.00919EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/07/15 9:7 p.m.26 views

CVE-2020-2226

A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...

3.5CVSS1.8AI score0.00919EPSS
Exploits0References3
Rows per page
Query Builder