45 matches found
EUVD-2022-6406
Malicious code in bioql PyPI...
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2025-58459 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: org.jenkins-ci.plugins:build-metrics =1.0, =1.3. Source CVEs: CVE-2025-58459...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2025-54800 Hydra persistent XSS in build metrics
Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...
CVE-2022-34785
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them...
CVE-2022-34784
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
Jenkins build-metrics Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins build-metrics Plugin version 1.3 and earlier versions are vulnerable t...
Jenkins build-metrics Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins build-metrics Plugin version 1.3 contains a cross-site scripting...
GHSA-QV56-J8FG-39H6 Jenkins build-metrics Plugin Missing Authorization vulnerability
Jenkins build-metrics Plugin 1.3 and earlier does not perform a permission check in multiple HTTP endpoints. This allows attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. As of publication of this advisory, there is no fix...
Cross site scripting in Jenkins build-metrics Plugin
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
Jenkins build-metrics Plugin Missing Authorization vulnerability
Jenkins build-metrics Plugin 1.3 and earlier does not perform a permission check in multiple HTTP endpoints. This allows attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. As of publication of this advisory, there is no fix...
GHSA-J2GV-Q44J-XM42 Cross site scripting in Jenkins build-metrics Plugin
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
CVE-2022-34785
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them...
CVE-2022-34784
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
CVE-2022-34784
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
CVE-2022-34785
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them...
CVE-2022-34784
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
CVE-2022-34785
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them...
Cross site scripting
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission...
Design/Logic Flaw
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them...