4 matches found
GHSA-5MWR-JG3R-JV66 Jenkins allows Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message...
GHSA-5XMF-9VGR-53MJ Jenkins allows Unauthorized Viewing of Queue API Information
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...
GHSA-89VC-7FRQ-2RFJ Jenkins has Local File Inclusion Vulnerability
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/...
jenkins: Information disclosure via sidepanel (SECURITY-192)
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...