155 matches found
CloudBees Jenkins Copy data to workspace Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An arbitrary file read...
CVE-2020-2290
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2289
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2290
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
PT-2020-15519 · Jenkins · Jenkins Active Choices Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Active Choices Plugin versions 2.4 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability because the name and description of build parameters are not properly escaped. This vulnerability can be...
CloudBees Jenkins Perfecto Arbitrary Command Execution Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . Jenkins Perfecto plugin versi...
CVE-2020-2270
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2266
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Cross site scripting
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2263
The CVE-2020-2263 entry concerns Jenkins Radiator View Plugin (versions ≤ 1.29). The issue is a stored XSS caused by the plugin not escaping the full job name in tooltips, which could be exploited by attackers who have Job/Configure permission. The vulnerability affects the plugin as described in...
PT-2020-15491 · Jenkins · Jenkins Description Column Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Description Column Plugin versions 1.3 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the job description in the column tooltip is not properly escaped. Attackers wit...
PT-2020-15504 · Jenkins · Jenkins Copy Data To Workspace Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Copy data to workspace Plugin versions 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to read arbitrary files on the Jenkins controller due to a lack of limitation on which directories can be...
PT-2020-15486 · Jenkins · Jenkins Perfecto Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Perfecto Plugin versions 1.17 and earlier Description: The issue allows attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. This is possible because the Perfecto Plugin executes a command on th...
PT-2020-15481 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 3.9.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the upstream job's display name shown as part of a build cause is not...
PT-2020-15505 · Jenkins · Jenkins Selection Tasks Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Selection tasks Plugin version 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running a...
PT-2020-15488 · Jenkins · Jenkins Radiator View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Radiator View Plugin versions 1.29 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the full name of jobs in tooltips is not properly escaped, allowing attackers with...
PT-2020-15507 · Jenkins · Jenkins Storable Configs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier Description: The issue allows attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content, due to the lack of...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
CVE-2020-2226
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...