2 matches found
Jenkins < 2.176.4 LTS / 2.197 Multiple Vulnerabilities
The version of Jenkins running on the remote web server is prior to 2.197 or is a version of Jenkins LTS prior to 2.176.4. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the /whoAmI/ URL due to the exposed 'Cookie' HTTP Header. An...
CVE-2019-10403
CVE-2019-10403 affects Jenkins 2.196 and earlier, and LTS 2.176.3 and earlier. The vulnerability is a stored XSS in the tooltip for SCM tag actions caused by not escaping the SCM tag name, allowing an authenticated user who can control SCM tag names to execute arbitrary script in a victim’s brows...