Lucene search
K

16 matches found

OSV
OSV
added 2022/06/24 12:0 a.m.33 views

GHSA-5HH2-F4H9-446G Cross-site Scripting in Jenkins Date Parameter Plugin

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

8CVSS5.8AI score0.00602EPSS
Exploits0References3
OSV
OSV
added 2022/06/24 12:0 a.m.34 views

GHSA-FCQR-GH8W-WM8F Cross-site Scripting in Jenkins Readonly Parameter Plugin

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

8CVSS5.8AI score0.00602EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.36 views

Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00753EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/24 12:0 a.m.86 views

GHSA-JHFV-8936-G652 Cross-site Scripting in Jenkins Hidden Parameter Plugin

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...

8CVSS5.8AI score0.00602EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.52 views

Cross-site Scripting in Jenkins Maven Metadata Plugin

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...

5.4CVSS5.7AI score0.00602EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.36 views

Cross-site Scripting in Jenkins Package Version Plugin

Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability requires...

5.4CVSS5.7AI score0.00602EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.35 views

Cross-site Scripting in Jenkins Hidden Parameter Plugin

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...

5.4CVSS5.7AI score0.00602EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.43 views

Cross-site Scripting in Jenkins Agent Server Parameter Plugin

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...

5.4CVSS5.7AI score0.00602EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.23 views

Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS5.7AI score0.00753EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/18 12:0 a.m.34 views

GHSA-5PMP-7WC9-V7VW Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

8CVSS5.8AI score0.00715EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/18 12:0 a.m.35 views

Cross-site Scripting in Jenkins JDK Parameter Plugin

Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters. This results in stored cross-site scripting XSS vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of this vulnerability...

5.4CVSS5.7AI score0.00715EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:2 a.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1598 more potentially affected by CVE-2017-2601 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.32.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2017-2601 Source advisory: OSV:GHSA-R69C-5J7C-VM6Q...

6.1CVSS6.5AI score0.02146EPSS
Exploits0
CVE
CVE
added 2018/05/10 12:0 a.m.152 views

CVE-2017-2601

The connected materials corroborate CVE-2017-2601 as a persisted cross-site scripting (XSS) vulnerability in Jenkins parameter names and descriptions, exploitable by attackers with Job/Configure permission. Jenkins core fixes the issue (SECURITY-353) by hardening the Build With Parameters/Paramet...

6.1CVSS4.9AI score0.02146EPSS
Exploits0References9Affected Software1
OpenVAS
OpenVAS
added 2017/03/13 12:0 a.m.51 views

Jenkins Multiple Vulnerabilities (Feb 2017) - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

9.8CVSS6.1AI score0.19191EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2017/03/13 12:0 a.m.107 views

Jenkins Multiple Vulnerabilities (Feb 2017) - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

9.8CVSS6.1AI score0.19191EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2017/02/02 3:21 p.m.32 views

CVE-2017-2601

Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions SECURITY-353. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions...

6.1CVSS2.3AI score0.02146EPSS
Exploits0References2
Rows per page
Query Builder