7 matches found

RedHat Linux
added 2020/01/23 4:30 a.m. · 4 views

jenkins: Stored XSS vulnerability in queue item tooltip

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue item is blocked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executor...

CVSS 5.4 · AI score 6 · EPSS 0.01033
Exploits 0 · References 4
RedHat Linux
added 2020/01/23 4:30 a.m. · 5 views

jenkins: Stored XSS vulnerability in expandable textbox form control

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents, typically Job/Configure...

CVSS 5.4 · AI score 6 · EPSS 0.01033
Exploits 0 · References 4
OSV
added 2019/09/25 4:15 p.m. · 14 views

CVE-2019-10401

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents, typically Job/Configure...

CVSS 5.4 · AI score 5.4
Exploits 0 · References 2
Prion
added 2019/09/25 4:15 p.m. · 19 views

Cross site scripting

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

CVSS 3.5 · AI score 5 · EPSS 0.01033
Exploits 0 · References 2 · Affected Software 1
CVE
added 2019/09/25 3:5 p.m. · 132 views

CVE-2019-10401

CVE-2019-10401 corresponds to a stored XSS in Jenkins up to 2.196 and LTS 2.176.3 due to the f:expandableTextBox form control interpreting content as HTML, allowing exploitation by users who can define its contents (e.g., Job/Configure). Connected sources confirm the exact vulnerable component an...

CVSS 5.4 · AI score 4.9 · EPSS 0.01033
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/09/25 3:5 p.m. · 20 views

CVE-2019-10402

In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...

AI score 5.1 · EPSS 0.01033
Exploits 0 · References 2
Positive Technologies
added 2019/09/25 12:0 a.m. · 3 views

PT-2019-11799 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier, LTS versions 2.176.3 and earlier
Description: The issue allows attackers to obtain the HTTP session cookie, despite it being marked HttpOnly, by exploiting another XSS vulnerability and accessing the /whoAm...

CVSS 5.4 · AI score 4.7 · EPSS 0.65753
Exploits 0 · References 7