15 matches found
EUVD-2022-3417
Malicious code in bioql PyPI...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2019-10347
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-H9H3-JX58-6HQQ Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression. This results in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
Cross site scripting
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28679
Summary: CVE-2023-28679 affects Jenkins Mashup Portlets Plugin (versions ≤ 1.1.2). The vulnerability is a stored cross-site scripting (XSS) flaw introduced by the Generic JS Portlet feature, which allows a user to populate a portlet with a custom JavaScript expression. The issue can be exploited ...
CVE-2023-28679
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
PT-2023-21898 · Jenkins · Jenkins Mashup Portlets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mashup Portlets Plugin versions 1.1.2 and earlier. Description: The issue is related to the "Generic JS Portlet" feature, which allows users to populate a portlet using a custom JavaScript expression. This results in a stored cross-sit...
Unspecified Vulnerability in CloudBees Jenkins Mashup Portlets Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Mashup Portlets Plugin is used ...
CVE-2019-10347
The CVE-2019-10347 issue affects the Jenkins Mashup Portlets Plugin (e.g., CloudBees Jenkins Mashup Portlets) where credentials are stored in plaintext on the Jenkins master filesystem. Root cause per sources is unencrypted credential storage that allows users with master-file-system access to vi...
CVE-2019-10347
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11746 · Jenkins · Jenkins Mashup Portlets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mashup Portlets Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner on the Jenkins master, making them accessible to users with file system access. Recommendations...