4 matches found
PT-2021-14709 · Jenkins · Jenkins Kiuwan Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kiuwan Plugin versions 1.6.0 and earlier
Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Kiuwan Plugin does not escape query parameters in an error message for a...
PT-2020-15528 · Jenkins · Jenkins Nerrvana Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nerrvana Plugin versions 1.02.06 and earlier
Description: The issue allows attackers to have Jenkins parse crafted HTTP requests with XML data, using external entities for extraction of secrets from the Jenkins controller or server-si...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...