9 matches found
Wrangler affected by OS Command Injection in `wrangler pages deploy`
Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...
Jenkins Unauthenticated Access
Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying application. If authentication is not enforced, an attacker can gain administrative access to Jenkins, potentially allowing for the execution of arbitra...
org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2023-25762 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)
org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2023-25762 Source advisory: OSV:GHSA-9J65-3F2Q-8Q2R...
GHSA-G364-C7W5-93WH Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...
Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...
org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2022-25184 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)
org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2022-25184 Source advisory: OSV:GHSA-G84F-CMC8-682C...
CVE-2017-1000404
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...
CVE-2017-1000404
The CVE-2017-1000404 issue affects the Jenkins Delivery Pipeline Plugin (versions ≤ 1.0.7). It arises from the unescaped fullscreen query parameter being echoed into JavaScript, enabling cross-site scripting via specially crafted URLs. The advisory notes that version 1.0.8 converts the value to a...
CloudBees Jenkins Delivery Pipeline Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins is the U.S. CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Delivery Pipeline Plugin is to use a continuo...