Lucene search
K

57 matches found

CNNVD
CNNVD
added 2022/10/19 12:0 a.m.4 views

Jenkins Plugin Generic Webhook Trigger 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00501EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.32 views

CVE-2022-43412

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.4AI score0.00501EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 7:5 p.m.18 views

GHSA-732F-W585-GMPC XXE vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses...

9.8CVSS9.4AI score0.25746EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 7:5 p.m.30 views

XXE vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to call webhooks configured to extract parameters using XPath to have Jenkins parse a crafted XML request body that uses...

9.8CVSS8.8AI score0.25746EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.23 views

Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.3AI score0.00648EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/15 5:15 p.m.5 views

CVE-2022-25185

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.9AI score0.00648EPSS
Exploits0References3
Prion
Prion
added 2022/02/15 5:15 p.m.15 views

Cross site scripting

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.3AI score0.00648EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/15 4:11 p.m.144 views

CVE-2022-25185

The CVE-2022-25185 entry relates to the Jenkins Generic Webhook Trigger Plugin (versions ≤ 1.81). Root cause: the plugin does not escape the build cause when using the webhook, enabling a stored XSS vulnerability. Impact: attacker with Item/Configure permission can exploit via the webhook to inje...

5.4CVSS5.4AI score0.00648EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.6 views

PT-2022-17125 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.81 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. This occurs because the build cause is not properly escaped when using the webhook. Attacke...

5.4CVSS5AI score0.00648EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.5 views

Jenkins Generic Webhook Trigger Plugin 跨站脚本漏洞

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in Jenkins Generic Webhook Trigger Plugin 1.81 and earlier versions, which...

5.4CVSS5.3AI score0.00648EPSS
Exploits0References6
OSV
OSV
added 2021/06/18 10:15 a.m.5 views

CVE-2021-21669

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS7.3AI score
Exploits0References2
NVD
NVD
added 2021/06/18 10:15 a.m.26 views

CVE-2021-21669

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.8CVSS0.25746EPSS
Exploits0References2
Prion
Prion
added 2021/06/18 10:15 a.m.23 views

Xxe

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.5CVSS9.4AI score0.25746EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/06/18 9:25 a.m.33 views

CVE-2021-21669

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.7AI score0.25746EPSS
Exploits0References2
CVE
CVE
added 2021/06/18 9:25 a.m.83 views

CVE-2021-21669

CVE-2021-21669 affects the Jenkins Generic Webhook Trigger Plugin (versions 1.72 and earlier). The root cause is an XML parser that does not disable external entity resolution, enabling XML External Entity (XXE) attacks. Exploitation could allow a crafted webhook payload to cause leakage of file ...

9.8CVSS9.4AI score0.25746EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/06/18 12:0 a.m.7 views

PT-2021-14712 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.72 and earlier Description: The issue allows attackers to have Jenkins parse a crafted XML request body that uses external entities for extraction of secrets from the Jenkins controller or...

9.8CVSS9.3AI score0.25746EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/06/18 12:0 a.m.4 views

Jenkins 代码问题漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Generic Webhook Trigger Plugin 1.72 and earlier versions that stems from not...

9.8CVSS8.4AI score0.25746EPSS
Exploits0References4
Rows per page
Query Builder