5 matches found
Jenkins Rundeck Plugin Cross-Site Scripting (CVE-2022-30956)
A cross-site scripting vulnerability exists in Jenkins Rundeck Plugin. This vulnerability is due to insufficient validation of user input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted message to a vulnerable server...
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.13 / 2.332.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-05-17)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.13, or 2.x prior to 2.332.3.4. It is, therefore, affected by multiple vulnerabilities, including the following: - Jenkins Rundeck Plugin 3.6.10 and earlier does not...
CVE-2022-30956
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads...
CVE-2022-30956
CVE-2022-30956 affects the Jenkins Rundeck Plugin (versions ≤ 3.6.10). It reports that the plugin “does not restrict URL schemes in Rundeck webhook submissions,” causing a stored XSS vulnerability exploitable by authenticated attackers submitting crafted payloads. Public advisories confirm that R...
CVE-2022-30956
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads...