3 matches found
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers wi...
PT-2022-22061 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins ontrack Jenkins Plugin versions 4.0.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the plugin does not escape the name of certain parameters on views displaying parameters...
Security feature bypass
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...