33 matches found
EUVD-2022-4454
Malicious code in bioql PyPI...
Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-HC44-P2QQ-CFM9 Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins CRX Content Package Deployer Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins CRX Content Package...
CVE-2022-34184
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34184
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34184
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34184
CVE-2022-34184 affects Jenkins CRX Content Package Deployer Plugin 1.9 and earlier. The issue is that the name and description of CRX Content Package Choice parameters are not escaped on parameter views, causing stored XSS exploitable by attackers with Item/Configure permission. Connected sources...
CVE-2022-34184
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins Plugin CRX Content Package Deployer 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. a cross-site scripting vulnerability exists in Jenkins CRX Content Package...
PT-2022-22052 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins CRX Content Package Deployer Plugin versions 1.9 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name and description of CRX Content Package Choi...
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is patched in version 1.9...
GHSA-4CMQ-88F8-53R5 Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is patched in version 1.9...
GHSA-62FP-J75Q-MQHC Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin prior to 1.9 allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This issue is patched...
GHSA-JWW4-2793-9GMG Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin prior to 1.9 allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. This issue is patched...
Unspecified Vulnerability in CloudBees Jenkins CRX Content Package Deployer Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . CRX Content Package Deployer Plugin is used in...
CVE-2019-10438
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10437
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...