3 matches found
EUVD-2020-2228
Malware in sbrugna...
Cross site scripting
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2228
The CVE-2020-2228 issue affects Jenkins Gitlab Authentication Plugin; versions 1.5 and earlier fail to differentiate between user names and hierarchical group names during authorization, enabling privilege escalation. The root cause is improper authorization checks when the same base name is used...