16 matches found
GHSA-5HH2-F4H9-446G Cross-site Scripting in Jenkins Date Parameter Plugin
Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...
GHSA-FCQR-GH8W-WM8F Cross-site Scripting in Jenkins Readonly Parameter Plugin
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-JHFV-8936-G652 Cross-site Scripting in Jenkins Hidden Parameter Plugin
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Cross-site Scripting in Jenkins Maven Metadata Plugin
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
Cross-site Scripting in Jenkins Package Version Plugin
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability requires...
Cross-site Scripting in Jenkins Hidden Parameter Plugin
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Cross-site Scripting in Jenkins Agent Server Parameter Plugin
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...
Cross-site Scripting in Jenkins JDK Parameter Plugin
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1598 more potentially affected by CVE-2017-2601 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.32.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2017-2601 Source advisory: OSV:GHSA-R69C-5J7C-VM6Q...
CVE-2017-2601
The connected materials corroborate CVE-2017-2601 as a persisted cross-site scripting (XSS) vulnerability in Jenkins parameter names and descriptions, exploitable by attackers with Job/Configure permission. Jenkins core fixes the issue (SECURITY-353) by hardening the Build With Parameters/Paramet...
Jenkins Multiple Vulnerabilities (Feb 2017) - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
Jenkins Multiple Vulnerabilities (Feb 2017) - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
CVE-2017-2601
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...