8 matches found
Stored XSS vulnerability in Jenkins job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name...
GHSA-QGJ4-RC8M-44MQ Stored XSS vulnerability in Jenkins job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins 2.245, LTS 2.235.2 escapes the agent name...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
jenkins: Stored XSS vulnerability in job build time trend
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to function. The highe...
Cross-Site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting. The agent name in the build time trend page is not validated, allowing an attacker to inject and execute arbitrary Javascript in a user's browser...
FreeBSD : jenkins -- multiple vulnerabilities (1ddab5cb-14c9-4632-959f-802c412a9593)
Jenkins Security Advisory : DescriptionHigh SECURITY-1868 / CVE-2020-2220 Stored XSS vulnerability in job build time trend High SECURITY-1901 / CVE-2020-2221 Stored XSS vulnerability in upstream cause High SECURITY-1902 / CVE-2020-2222 Stored XSS vulnerability in 'keep forever' badge icons High...
PT-2020-15436 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the agent name in the build time trend page is not properly escape...