44 matches found
Jenkins HTML Publisher Plugin Cross-Site Scripting Vulnerability
The Jenkins HTML Publisher Plugin is an open-source continuous integration plugin developed by Jenkins, designed for publishing and displaying HTML reports generated by builds. The Jenkins HTML Publisher Plugin versions 427 and earlier contained a cross-site scripting vulnerability. This...
CVE-2022-38664
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names...
EUVD-2023-3065
Malicious code in bioql PyPI...
EUVD-2023-1708
Malicious code in bioql PyPI...
EUVD-2022-3067
Malicious code in bioql PyPI...
CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2021-21682
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows...
Improper Input Validation
parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitization for Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code...
PT-2024-22680 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.5 and 7.0.0-alpha.29 Description: The issue arises when an invalid Parse Server Cloud Function name or Cloud Job name is called, potentially leading to code injection, internal store manipulation, or remote...
GHSA-XRRW-9J78-HPF3 Jenkins HTML Publisher Plugin Stored XSS vulnerability
Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to...
PT-2023-30317 · Rundeck · Rundeck
Name of the Vulnerable Software and Affected Versions: Rundeck versions prior to 4.17.3 Description: The issue allows authenticated users to access certain URL paths without necessary authorization checks, providing a list of job names and groups for any project. The affected URLs are...
Rundeck Security Breach
Rundeck is an open source automation service with a web console, command line tools, and WebAPI from Rundeck Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability exists in Rundeck versions 4.17.0 through 4.17.2, which stems from the fact that the jo...
CVE-2023-35146
Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as building blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs...