12 matches found
CVE-2026-42521
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure...
PT-2026-35915
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 both inclusive invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure...
EUVD-2022-3304
Malicious code in bioql PyPI...
GHSA-VR6V-WJFW-RXCR Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting XSS vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...
jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin
A flaw was found in Jenkins Matrix Authorization Strategy Plugin. The jenkins plugin does not correctly perform permission checks, as consequences this allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. The highest...
Jenkins Matrix Authorization Strategy Access Control Error Vulnerability
Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...
Jenkins Matrix Authorization Strategy 安全漏洞
Jenkins Matrix Authorization Strategy is a Jenkins open source application plugin . The plug-in in Jenkins to achieve fine-grained access control . An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permissions to nested...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
CVE-2020-2226
A flaw was found in the Matrix Authorization Strategy Plugin version 2.6.1 and prior. User names are not escaped in the permission table which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure, Job/Configure, or Overall/Administer permissions fo...
CVE-2020-2226
The CVE-2020-2226 issue affects Jenkins Matrix Authorization Strategy Plugin, version 2.6.1 and earlier, where user names shown in the configuration were not escaped, enabling a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by users with Job/Configure or Agen...