Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:23 p.m.35 views

Stored XSS vulnerability in Jenkins job build time trend

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name...

5.4CVSS5.5AI score0.01023EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:23 p.m.3 views

GHSA-QGJ4-RC8M-44MQ Stored XSS vulnerability in Jenkins job build time trend

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name...

8CVSS5.8AI score0.01023EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/23 12:46 p.m.5 views

jenkins: Stored XSS vulnerability in job build time trend

A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...

5.4CVSS5.9AI score0.01023EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/25 6:10 a.m.5 views

jenkins: Stored XSS vulnerability in job build time trend

A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...

5.4CVSS5.9AI score0.01023EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/08/24 2:53 p.m.3 views

jenkins: Stored XSS vulnerability in job build time trend

A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...

5.4CVSS5.9AI score0.01023EPSS
Exploits0References4
Veracode
Veracode
added 2020/08/06 9:31 p.m.24 views

Cross-Site Scripting (XSS)

Jenkins is vulnerable to cross-site scripting. The agent name in the build time trend page is not validated, allowing an attacker to inject and execute arbitrary Javascript in a user's browser...

5.4CVSS2.6AI score0.01023EPSS
Exploits0References2Affected Software9
Tenable Nessus
Tenable Nessus
added 2020/07/16 12:0 a.m.39 views

FreeBSD : jenkins -- multiple vulnerabilities (1ddab5cb-14c9-4632-959f-802c412a9593)

Jenkins Security Advisory : DescriptionHigh SECURITY-1868 / CVE-2020-2220 Stored XSS vulnerability in job build time trend High SECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream cause High SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in 'keep forever' badge icons High...

5.4CVSS5.5AI score0.01126EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.5 views

PT-2020-15436 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the agent name in the build time trend page is not properly escape...

8CVSS5AI score0.01023EPSS
Exploits0References10
Rows per page
Query Builder