3 matches found
jenkins: Stored XSS vulnerability in upstream cause
A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The upstream job's display name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to...
PT-2020-15439 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue results from incorrect escaping of the href attribute of links to downstream jobs displayed in the build console page, leading to a stored...
PT-2020-15438 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue results from the job name in the 'Keep this build forever' badge tooltip not being escaped, leading to a stored cross-site scripting...