2 matches found
Jenkins plugins Multiple Vulnerabilities (2022-04-12)
According to its their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins CVS Plugin prior to 2.19.1, Credentials Plugin prior to 1112., Extended Choice Parameter Plugin 346. or earlier, Gerrit Trigger Plugin prior to 2.35.3, Git Parameter...
CVE-2022-29039
CVE-2022-29039 affects Jenkins Gerrit Trigger Plugin 2.35.2 and earlier. The vulnerability is a stored XSS caused by failing to escape the name/description of Base64 Encoded String parameters on parameter views, exploitable by users with Item/Configure permission. Connected documents confirm the ...