50 matches found
CVE-2022-25185
The CVE-2022-25185 entry relates to the Jenkins Generic Webhook Trigger Plugin (versions ≤ 1.81). Root cause: the plugin does not escape the build cause when using the webhook, enabling a stored XSS vulnerability. Impact: attacker with Item/Configure permission can exploit via the webhook to inje...
PT-2022-17125 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.81 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. This occurs because the build cause is not properly escaped when using the webhook. Attacke...
Jenkins Generic Webhook Trigger Plugin 跨站脚本漏洞
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in Jenkins Generic Webhook Trigger Plugin 1.81 and earlier versions, which...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
Xxe
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21669
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2021-21669
CVE-2021-21669 affects the Jenkins Generic Webhook Trigger Plugin (versions 1.72 and earlier). The root cause is an XML parser that does not disable external entity resolution, enabling XML External Entity (XXE) attacks. Exploitation could allow a crafted webhook payload to cause leakage of file ...
Jenkins 代码问题漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A code issue vulnerability exists in Jenkins Generic Webhook Trigger Plugin 1.72 and earlier versions that stems from not...
PT-2021-14712 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.72 and earlier Description: The issue allows attackers to have Jenkins parse a crafted XML request body that uses external entities for extraction of secrets from the Jenkins controller or...