18 matches found

NVD
added 2 days ago, 5 views

CVE-2026-53441

Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers...

0.00018 EPSS
Exploits 0, References 1

EUVD
added 2 days ago, 6 views

EUVD-2026-36025

Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers...

5.2 AI score, 0.00018 EPSS
Exploits 0, References 1

RedhatCVE
added last week, 5 views

CVE-2026-34837

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS, 5.5 AI score, 0.00034 EPSS
Exploits 0, References 1

NVD
added 2026/04/08 7:25 p.m., 3 views

CVE-2026-34837

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS, 0.00034 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/04/08 6:20 p.m., 4 views

CVE-2026-34837 Zammad is missing authorization in AI assistance controller for context data used in text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits 0, References 1

EUVD
added 2026/04/08 6:20 p.m., 1 views

EUVD-2026-20568

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS, 5.9 AI score, 0.00034 EPSS
Exploits 0, References 1

Cvelist
added 2026/04/08 6:20 p.m., 19 views

CVE-2026-34837 Zammad is missing authorization in AI assistance controller for context data used in text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if they are accessible f...

5.3 CVSS, 0.00034 EPSS
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-4852

Malicious code in bioql PyPI...

8 CVSS, 7.7 AI score, 0.00628 EPSS
Exploits 0, References 8

Vulnrichment
added 2025/03/05 10:33 p.m., 6 views

CVE-2025-27622

Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...

7 AI score, 0.00717 EPSS
Exploits 0, References 1

RedHat Linux
added 2024/08/14 4:14 p.m., 5 views

jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxy#fetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

8.8 CVSS, 5.9 AI score, 0.65896 EPSS
Exploits 4, References 5

SUSE CVE
added 2023/02/15 4:44 a.m., 2 views

SUSE CVE-2017-9324

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URL...

8.8 CVSS, 7 AI score, 0.01363 EPSS
Exploits 1, References 4

Positive Technologies
added 2022/06/30 12:0 a.m., 1 views

PT-2022-22339 · Jenkins · Jenkins Matrix Reloaded Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Reloaded Plugin versions 1.1.3 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the agent name in tooltips is not properly escaped, allowing attackers with...

7.1 CVSS, 5 AI score, 0.09095 EPSS
Exploits 0, References 6

RedHat Linux
added 2021/11/29 10:40 a.m., 1 views

jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key

An incorrect access restriction vulnerability was found in the Subversion Plugin for Jenkins. An agent's ability to learn the name of a file is not restricted when looking up a subversion key file on the controller. This may allow attackers to control agent processes and read arbitrary files on t...

7.5 CVSS, 5.8 AI score, 0.03705 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/08/27 10:15 a.m., 2 views

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with multiple axes which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

5.4 CVSS, 6.9 AI score, 0.00165 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/08/27 10:15 a.m., 3 views

jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips

A flaw was found in the Matrix Project Plugin version 1.16 and prior. Node names shown in tooltips are not escaped on the overview page of builds with a single axis which could lead to a stored cross-site scripting (XSS) vulnerability. The user must have the Agent/Configure permission for this...

5.4 CVSS, 6.9 AI score, 0.00157 EPSS
Exploits 0, References 4

OSV
added 2017/06/12 6:29 a.m., 0 views

DEBIAN-CVE-2017-9324

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URL...

8.8 CVSS, 8.6 AI score, 0.01363 EPSS
Exploits 1, References 1

OSV
added 2017/06/12 6:29 a.m., 0 views

UBUNTU-CVE-2017-9324

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URL...

8.8 CVSS, 7.2 AI score, 0.01363 EPSS
Exploits 1, References 3

Debian CVE
added 2017/06/12 6:0 a.m., 24 views

CVE-2017-9324

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URL...

8.8 CVSS, 8.7 AI score, 0.01363 EPSS
Exploits 1