3 matches found
Jenkins < 2.176.4 LTS / 2.197 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.197 or is a version of Jenkins LTS prior to 2.176.4. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the /whoAmI/ URL due to the exposed 'Cookie' HTTP Header. An...
CVE-2019-10402
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents...
CVE-2019-10402
CVE-2019-10402 affects Jenkins up to version 2.196 and earlier, and LTS up to 2.176.3 and earlier. The f:combobox form control interprets item labels as HTML, causing a stored XSS vulnerability exploitable by users with permission to define its contents. Reported in related advisories (e.g., Jenk...