7 matches found
EUVD-2022-5637
Malicious code in bioql PyPI...
EUVD-2022-5097
Malicious code in bioql PyPI...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
SUSE CVE-2018-1999005
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...
GHSA-GFHJ-524Q-GCRM Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...
CVE-2015-1806
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors...
PT-2014-5441 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3 Description: The issue allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions. This can lead to the creation or destruction of...