34 matches found
Cross site scripting
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
CVE-2020-2317
The CVE-2020-2317 entry describes a stored XSS vulnerability in Jenkins FindBugs Plugin, affecting version 5.0.0 and earlier. The root cause is that the plugin does not escape the annotation message shown in tooltips, enabling an attacker who can supply report files to the plugin’s post-build ste...
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...
PT-2020-15551 · Jenkins · Jenkins Findbugs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins FindBugs Plugin versions 5.0.0 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the annotation message in tooltips is not properly escaped, allowing attackers to injec...
CloudBees Jenkins FindBugs plugin XML external entity injection vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . FindBugs Plugin is used in one of th...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
Server side request forgery (ssrf)
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks...
CVE-2018-1000011
The CVE-2018-1000011 issue affects Jenkins FindBugs Plugin (version 4.71 and earlier). The root cause is XML External Entity (XXE) processing in files parsed during builds, enabling attackers with Jenkins user permissions to extract secrets from the Jenkins master, perform server-side request for...
Fortify SCA analysis code vulnerabilities the whole solution-vulnerability warning-the black bar safety net
The last describes the use of FindBugs-assisted analysis of code vulnerability, this time a tools: Fortify SCA Demo 4.0.0。 Fortify is a security aspect of the quite famous company, there is not much to say. First introduce the protagonist: the Fortify SCA Demo 4.0.0, although do not know now...
With the FindBugs code analysis vulnerability-vulnerability warning-the black bar safety net
Static analysis tools promise without developer effort will be able to find out the code has some defects. Of course, if you have years of writing experience, you will know that these promises are not necessarily fulfilled. Nevertheless, a good static analysis tool is still in the Toolbox...