
44 matches found

Positive Technologies
added 2020/07/02 12:0 a.m. · 3 views

PT-2020-15433 · Jenkins · Jenkins Compatibility Action Storage Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Compatibility Action Storage Plugin versions 1.0 and earlier
Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the content coming from the MongoDB in...

6.1 CVSS · 5.9 AI score · 0.00359 EPSS
Exploits 0 · References 7
Positive Technologies
added 2019/08/07 12:0 a.m. · 3 views

PT-2019-11780 · Jenkins · Jenkins Xl Testview Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XL TestView Plugin versions 1.2.0 and earlier
Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturin...

8.8 CVSS · 8.4 AI score · 0.0011 EPSS
Exploits 0 · References 5
Cvelist
added 2019/06/11 1:15 p.m. · 14 views

CVE-2019-10331

A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

4.5 AI score · 0.00207 EPSS
Exploits 0 · References 3
Talos
added 2019/06/04 12:0 a.m. · 202 views

Jenkins Artifactory Plugin information disclosure vulnerability

Summary: An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability, a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...

4.3 CVSS · 4.4 AI score · 0.00214 EPSS
Exploits 1