Lucene search
K

56 matches found

OSV
OSV
added 2022/09/21 4:15 p.m.20 views

CVE-2022-41237

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

9.8CVSS9.8AI score
Exploits0References1
NVD
NVD
added 2022/09/21 4:15 p.m.31 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

9.8CVSS0.00879EPSS
Exploits0References1
OSV
OSV
added 2022/09/21 4:15 p.m.27 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

9.8CVSS9.5AI score0.00879EPSS
Exploits0References1
Prion
Prion
added 2022/09/21 4:15 p.m.16 views

Design/Logic Flaw

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

7.5CVSS9.4AI score0.00879EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/09/21 4:15 p.m.23 views

Cross site scripting

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...

4.9CVSS5.2AI score0.00587EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/09/21 4:15 p.m.21 views

Remote code execution

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

7.5CVSS9.7AI score0.0136EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/21 3:45 p.m.6 views

CVE-2022-41239

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...

5.5AI score0.00587EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/21 3:45 p.m.29 views

CVE-2022-41239

Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...

5.7AI score0.00587EPSS
Exploits0References1
CVE
CVE
added 2022/09/21 3:45 p.m.94 views

CVE-2022-41239

Summary: CVE-2022-41239 affects the Jenkins DotCi Plugin (version ≤ 2.40.00). The issue is a lack of escaping the GitHub user name parameter in commit notifications when displayed in a build cause, which leads to a stored cross-site scripting (XSS) vulnerability. Affected component: Jenkins DotCi...

5.4CVSS5.2AI score0.00587EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/09/21 3:45 p.m.98 views

CVE-2022-41238

CVE-2022-41238 affects Jenkins DotCi Plugin, specifically versions 2.40.00 and earlier. The vulnerability is a missing permission check that allows unauthenticated attackers to trigger builds of jobs for attacker-specified repositories and commits. This is documented by multiple sources (NVD entr...

9.8CVSS9.4AI score0.00879EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:45 p.m.32 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

9.7AI score0.00879EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/21 3:45 p.m.8 views

CVE-2022-41238

A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits...

9.5AI score0.00879EPSS
Exploits0References1
CVE
CVE
added 2022/09/21 3:45 p.m.98 views

CVE-2022-41237

CVE-2022-41237 affects Jenkins DotCi Plugin 2.40.00 and earlier. The vulnerability arises because the plugin’s YAML parser does not prevent the instantiation of arbitrary types, which can lead to remote code execution. This is documented across multiple sources (NVD, Red Hat advisory, OSV, and pu...

9.8CVSS9.7AI score0.0136EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/09/21 3:45 p.m.16 views

CVE-2022-41237

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

10AI score0.0136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/21 3:45 p.m.5 views

CVE-2022-41237

Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

7.7AI score0.0136EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.6 views

Jenkins DotCi Plugin 代码问题漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is a software application. A code issue vulnerability...

9.8CVSS9.2AI score0.0136EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.4 views

Jenkins DotCi Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

9.8CVSS8.3AI score0.00879EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/21 12:0 a.m.4 views

Jenkins DotCi Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site scripting...

5.4CVSS5.1AI score0.00587EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.5 views

PT-2022-25753 · Jenkins · Jenkins Dotci Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DotCi Plugin versions 2.40.00 and earlier Description: A missing permission check in the Jenkins DotCi Plugin allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for...

9.8CVSS9.2AI score0.00879EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.2 views

PT-2022-25752 · Jenkins · Jenkins Dotci Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins DotCi Plugin versions 2.40.00 and earlier Description: The issue arises from the Jenkins DotCi Plugin not configuring its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

9.8CVSS9.7AI score0.0136EPSS
Exploits0References9
Rows per page
Query Builder