10 matches found
EUVD-2022-3945
Malicious code in bioql PyPI...
SUSE CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting XSS vulnerability exploitable by attackers able to provide console output for builds used to test build log indications...
Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...
GHSA-GFHJ-524Q-GCRM Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...
jenkins: Stored XSS vulnerability in console links
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins: Stored XSS vulnerability in console links
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins: Stored XSS vulnerability in console links
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
jenkins: Stored XSS vulnerability in console links
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. HREF attribute of links to downstream jobs are not escaped on build console pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this...
Cross site scripting
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability...
PT-2020-15439 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue results from incorrect escaping of the href attribute of links to downstream jobs displayed in the build console page, leading to a stored...