10 matches found
RHCOS 4 : OpenShift Container Platform 4.5.13 jenkins (RHSA-2020:3841)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3841 advisory. - jetty: double release of resource can lead to information disclosure CVE-2019-17638 - jenkins: user-specified tooltip values leads...
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
Exploit Title: Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: = 2.251 and = LTS 2.235.3 Tested on: any CVE : CVE-2020-2229 References:...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.4.27 openshift-jenkins-2-container security update
An update for openshift-jenkins-2-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 7 : OpenShift Container Platform 4.5.13 jenkins (RHSA-2020:3841)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3841 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.5.13 jenkins security update
An update for jenkins is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 7 / 8 : OpenShift Container Platform 4.3.38 jenkins and openshift (RHSA-2020:3808)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3808 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
CVE-2020-2229
A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contributed by plugins and use user-specified values. This results in a potential stored cross-site scripting XSS vulnerability. This highest threat from this vulnerabili...
FreeBSD : jenkins -- multiple vulnerabilities (eef0d2d9-78c0-441e-8b03-454c5baebe20)
Jenkins Security Advisory : DescriptionHigh SECURITY-1955 / CVE-2020-2229 Stored XSS vulnerability in help icons High SECURITY-1957 / CVE-2020-2230 Stored XSS vulnerability in project naming strategy High SECURITY-1960 / CVE-2020-2231 Stored XSS vulnerability in 'Trigger builds remotely' C Tenabl...
Jenkins < 2.252, < 2.235.4 Multiple XSS Vulnerabilities - Linux
Jenkins is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2020-2229
Jenkins CVE-2020-2229 is a stored XSS vulnerability caused by failing to escape tooltip content in help icons. Affected products/versions: Jenkins 2.251 and earlier, and LTS 2.235.3 and earlier. Impact: stored XSS via plugin-contributed tooltip values. Mitigation: upgrade to Jenkins 2.252 or LTS ...