5 matches found
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. In Role-based Authorization Strategy Plugin 3.0 and earlier, this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being...
GHSA-VR6V-WJFW-RXCR Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting (XSS) vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...
Jenkins Folder-based Authorization Strategy Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The plugin fails to escape the role name displayed on the configuration form, which can ...
CVE-2020-2226
The CVE-2020-2226 issue affects Jenkins Matrix Authorization Strategy Plugin, version 2.6.1 and earlier, where user names shown in the configuration were not escaped, enabling a stored cross-site scripting (XSS) vulnerability. The vulnerability can be exploited by users with Job/Configure or Agen...
FreeBSD : jenkins -- multiple vulnerabilities (622e14b1-b40c-11e2-8441-00e0814cab4e)
Jenkins Security Advisory reports: This advisory announces multiple security vulnerabilities that were found in Jenkins core. - SECURITY-63 / CVE-2013-2034 This creates a cross-site request forgery (CSRF) vulnerability on Jenkins master, where an anonymous attacker can trick an administrator to...