2 matches found
GHSA-98GQ-6HXG-52R6 XSS vulnerability in Jenkins notification bar
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents typically shown after form submissions via Apply button. This results in a cross-site scripting XSS vulnerability exploitable by attackers able to influence notification bar contents. Jenkins...
jenkins: Excessive memory allocation in graph URLs leads to denial of service
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...