19 matches found
CVE-2022-41242
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins plugins Multiple Vulnerabilities (2022-06-30)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulti...
GHSA-MRF6-4GW6-65V3 Jenkins extreme-feedback Plugin vulnerable to Missing Authorization
Jenkins extreme-feedback Plugin 1.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. As of publicati...
Jenkins extreme-feedback Plugin vulnerable to Missing Authorization
Jenkins extreme-feedback Plugin 1.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps. As of publicati...
CVE-2022-41242
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
CVE-2022-41242
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
Information disclosure
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
CVE-2022-41242
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps...
CVE-2022-41242
CVE-2022-41242 affects Jenkins extreme-feedback Plugin 1.7 and earlier. Root cause: missing authorization check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate lamp-related data (job names, MAC/IP addresses) and rename lamps. Impact is information disclosure and ...
Jenkins extreme-feedback Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2022-6107 · Jenkins · Jenkins Extreme-Feedback Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins extreme-feedback Plugin versions 1.7 and earlier Description: The issue is related to a missing permission check in the Jenkins extreme-feedback Plugin, allowing attackers with Overall/Read permission to access sensitive information...
Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34790
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
PT-2022-22342 · Jenkins · Jenkins Extreme Feedback Panel Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins eXtreme Feedback Panel Plugin versions 2.0.1 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the job names used in tooltips are not properly escaped, allowing attacke...
Jenkins Plugin eXtreme Feedback Panel 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...