GHSA-58CH-C2JF-5G23 Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows authenticated attackers with Overall/Read permission to have Jenkins parse a crafted XML document that uses external entities for extraction of secret...
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows authenticated attackers with Overall/Read permission to have Jenkins parse a crafted XML document that uses external entities for extraction of secret...
CVE-2023-28670
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
Cross site scripting
Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission...
CVE-2023-28684
CVE-2023-28684 affects Jenkins’ remote-jobs-view-plugin (versions 0.0.3 and earlier). The root cause is an XML parser not configured to prevent XML external entity (XXE) attacks. This vulnerability can be exploited by authenticated attackers with Overall/Read permission to have Jenkins parse craf...
CVE-2023-28684
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
PT-2023-21891 · Jenkins · Jenkins Pipeline Aggregator View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Aggregator View Plugin versions 1.13 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because a variable representing the current view's URL is not properly escaped i...
PT-2023-21903 · Jenkins · Jenkins Remote-Jobs-View-Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins remote-jobs-view-plugin Plugin versions 0.0.3 and earlier
Description: The issue is related to the XML parser not being configured to prevent XML external entity (XXE) attacks. This allows authenticated attackers with Overall/Read...
Stored XSS in Week View Plugin
Description: Stored cross-site scripting vulnerabilities arise when user input is stored and later embedded into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of an...
Jenkins Dashboard View Plugin Cross-Site Scripting (CVE-2021-21649)
A stored cross-site scripting vulnerability exists in Jenkins Dashboard View Plugin. This vulnerability is due to insufficient validation of user-controlled information...
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins
Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proce...
GHSA-G975-F26H-93G8 Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins
Jenkins Pipeline: Stage View Plugin provides a visualization of Pipeline builds. It also allows users to interact with input steps from Pipeline: Input Step Plugin. Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of input steps when using it to generate URLs to proce...
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...
Cross site request forgery (csrf)
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...
CVE-2022-43408
CVE-2022-43408 affects Jenkins Pipeline: Stage View Plugin (versions 2.26 and earlier). The vulnerability arises because the plugin does not correctly encode the ID of input steps when generating URLs to proceed/abort builds, allowing configured Pipelines to specify input step IDs that bypass CSR...
CVE-2022-43408
Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctly encode the ID of 'input' steps when using it to generate URLs to proceed or abort Pipeline builds, allowing attackers able to configure Pipelines to specify 'input' step IDs resulting in URLs that would bypass the CSRF...
io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34115 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)
io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34115 Source advisory: OSV:GHSA-VJMR-6PMM-RPRF...
Reflected Cross-site Scripting in Jenkins Nested View Plugin
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. Nested View Plugin 1.26 escapes search parameters...
GHSA-H642-5H74-3X9C Reflected Cross-site Scripting in Jenkins Nested View Plugin
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. Nested View Plugin 1.26 escapes search parameters...