Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/01/21 11:0 p.m.12 views

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/26 12:0 a.m.3 views

Jenkins Unauthenticated Access

Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying application. If authentication is not enforced, an attacker can gain administrative access to Jenkins, potentially allowing for the execution of arbitra...

7.4AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/02/15 3:30 p.m.6 views

org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2023-25762 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)

org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2023-25762 Source advisory: OSV:GHSA-9J65-3F2Q-8Q2R...

5.4CVSS6AI score0.814EPSS
Exploits0
OSV
OSV
added 2022/05/14 3:45 a.m.11 views

GHSA-G364-C7W5-93WH Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...

6.1CVSS6AI score0.00948EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.14 views

Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...

6.1CVSS2.5AI score0.00948EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.4 views

org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2022-25184 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)

org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2022-25184 Source advisory: OSV:GHSA-G84F-CMC8-682C...

6.5CVSS6.5AI score0.00876EPSS
Exploits0
NVD
NVD
added 2018/01/26 2:29 a.m.15 views

CVE-2017-1000404

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...

6.1CVSS6AI score0.00948EPSS
Exploits0References2
CVE
CVE
added 2018/01/26 2:0 a.m.62 views

CVE-2017-1000404

The CVE-2017-1000404 issue affects the Jenkins Delivery Pipeline Plugin (versions ≤ 1.0.7). It arises from the unescaped fullscreen query parameter being echoed into JavaScript, enabling cross-site scripting via specially crafted URLs. The advisory notes that version 1.0.8 converts the value to a...

6.1CVSS6AI score0.00948EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/11/28 12:0 a.m.5 views

CloudBees Jenkins Delivery Pipeline Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins is the U.S. CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Delivery Pipeline Plugin is to use a continuo...

6.1CVSS7AI score0.00948EPSS
Exploits0References1
Rows per page
Query Builder