56 matches found
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
Design/Logic Flaw
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
Cross site scripting
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
Remote code execution
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-41239
Summary: CVE-2022-41239 affects the Jenkins DotCi Plugin (version ≤ 2.40.00). The issue is a lack of escaping the GitHub user name parameter in commit notifications when displayed in a build cause, which leads to a stored cross-site scripting (XSS) vulnerability. Affected component: Jenkins DotCi...
CVE-2022-41238
CVE-2022-41238 affects Jenkins DotCi Plugin, specifically versions 2.40.00 and earlier. The vulnerability is a missing permission check that allows unauthenticated attackers to trigger builds of jobs for attacker-specified repositories and commits. This is documented by multiple sources (NVD entr...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41238
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...
CVE-2022-41237
CVE-2022-41237 affects Jenkins DotCi Plugin 2.40.00 and earlier. The vulnerability arises because the plugin’s YAML parser does not prevent the instantiation of arbitrary types, which can lead to remote code execution. This is documented across multiple sources (NVD, Red Hat advisory, OSV, and pu...
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2022-41237
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
Jenkins DotCi Plugin 代码问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A code issue vulnerability...
Jenkins DotCi Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins DotCi Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...
PT-2022-25753 · Jenkins · Jenkins Dotci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins DotCi Plugin versions 2.40.00 and earlier Description: A missing permission check in the Jenkins DotCi Plugin allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for...
PT-2022-25752 · Jenkins · Jenkins Dotci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins DotCi Plugin versions 2.40.00 and earlier Description: The issue arises from the Jenkins DotCi Plugin not configuring its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...