Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2023/07/27 6:47 a.m.58 views

CVE-2023-39151

A flaw was found in Jenkins, where Jenkins weekly and LTS are vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote, authenticated attacker can inject malicious script into a web page, which would be executed in a victim's Web browser within the...

8CVSS6AI score0.00862EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/07/26 3:30 p.m.5 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1602 more potentially affected by CVE-2023-39151 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.40)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2023-39151 Source advisory: OSV:GHSA-69VW-3PCM-84RW...

5.4CVSS6.6AI score0.00862EPSS
Exploits0
CVE
CVE
added 2023/07/26 1:54 p.m.106 views

CVE-2023-39151

CVE-2023-39151 affects Jenkins core and LTS prior to specific fixes. The issue occurs when Jenkins builds generate hyperlinks from URLs in logs: URLs are not properly sanitized/encoded, enabling a stored XSS vulnerability if an attacker can control the build log contents. Affected versions includ...

5.4CVSS5.2AI score0.00862EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/26 1:54 p.m.30 views

CVE-2023-39151

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

5.6AI score0.00862EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.25 views

FreeBSD : jenkins -- Stored XSS vulnerability (a0321b74-031d-485c-bb76-edd75256a6f0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a0321b74-031d-485c-bb76-edd75256a6f0 advisory. - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build...

5.4CVSS6.2AI score0.00862EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/07/26 12:0 a.m.21 views

jenkins -- Stored XSS vulnerability

Jenkins Security Advisory: Description High SECURITY-3188 / CVE-2023-39151 Stored XSS vulnerability...

5.4CVSS6.5AI score0.00862EPSS
Exploits0References1
Rows per page
Query Builder