8 matches found
EUVD-2022-3046
Malicious code in bioql PyPI...
Stored XSS vulnerability in Jenkins brakeman Plugin
brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability. This vulnerability can be exploited by users able to control the Brakeman post-build step input data. brakeman Plugin 0.13 escap...
GHSA-7Q9R-VHG2-789W Stored XSS vulnerability in Jenkins brakeman Plugin
brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability. This vulnerability can be exploited by users able to control the Brakeman post-build step input data. brakeman Plugin 0.13 escap...
CloudBees Jenkins Brakeman plugin cross-site scripting vulnerability
CloudBees Jenkins is a web application that can use a large number of servers as build slaves to handle larger build/test loads. A cross-site scripting vulnerability exists in the Brakeman plugin in CloudBees Jenkins, version 0.12 and earlier. The vulnerability stems from a lack of proper...
CVE-2020-2122
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data...
CVE-2020-2122
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data...
CVE-2020-2122
CVE-2020-2122 affects Jenkins Brakeman Plugin 0.12 and earlier. The stored XSS arises because values from parsed JSON are not escaped when rendering, allowing an attacker who can control the Brakeman post-build step input data to execute code in the browser. The advisory notes that upgrading to v...
PT-2020-15329 · Jenkins · Jenkins Brakeman Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Brakeman Plugin versions 0.12 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the plugin does not escape values received from parsed JSON files when rendering them. This...