13 matches found
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated
Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. This has been patched in version 347.v32aeb0493c4f...
Jenkins plugin global-build-stats security vulnerability
Jenkins and Jenkins plugin are both open source Jenkins products. Jenkins is application software: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security...
Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
GHSA-GW8G-HH47-Q4GW Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...
Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
org.jenkins-ci.plugins:build-metrics (>=1.0 <=1.3) potentially affected by CVE-2022-27207 via org.jenkins-ci.plugins:global-build-stats (=1.2)
org.jenkins-ci.plugins:global-build-stats MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:global-build-stats and may be impacted: - org.jenkins-ci.plugins:build-metrics =1.0, =1.3 Source cves: CVE-2022-27207...
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
Cross site scripting
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
CVE-2022-27207
CVE-2022-27207 describes a stored XSS vulnerability in the Jenkins global-build-stats Plugin, affecting versions 1.5 and earlier. The issue arises because multiple fields in the chart configuration on the Global Build Stats page are not escaped, enabling an attacker with Overall/Administer permis...
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
CloudBees Jenkins global-build-stats plugin cross-site scripting vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees, used mainly to monitor continuous software release and testing projects and to run scheduled tasks. global-build-stats is used in which ...
CVE-2017-1000389
CVE-2017-1000389 affects Jenkins global-build-stats plugin (v1.4 and earlier). The vulnerability arises from JSON responses served with Content-Type: text/html, allowing potential reflected XSS, and from some data-modifying URLs that did not require POST, enabling potential CSRF. The connected so...