Lucene search

10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-5011

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.01346
Exploits 0 | References 9

Github Security Blog
added 2023/08/16 3:30 p.m. | 29 views

Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability

Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. Flaky Test Handler Plugin 1.2.3 escapes...

CVSS 5.4 | AI score 5.6 | EPSS 0.00521
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2023/04/02 9:30 p.m. | 30 views

Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents...

CVSS 5.4 | AI score 5.3 | EPSS 0.00456
Exploits 0 | References 3 | Affected Software 1

OSV
added 2023/04/02 9:30 p.m. | 12 views

GHSA-J927-269R-96XW Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents...

CVSS 8 | AI score 5.3 | EPSS 0.00456
Exploits 0 | References 3

NVD
added 2023/04/02 9:15 p.m. | 15 views

CVE-2023-28678

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents...

CVSS 5.4 | AI score 6 | EPSS 0.00456
Exploits 0 | References 1

OSV
added 2022/12/12 9:30 a.m. | 24 views

GHSA-P86X-75J8-W4XH Stored XSS vulnerability in Jenkins Checkmarx Plugin

Checkmarx Plugin processes Checkmarx service API responses and generates HTML reports from them for rendering on the Jenkins UI. Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports. This results in a stored...

CVSS 7.5 | AI score 5.3 | EPSS 0.00456
Exploits 0 | References 3

OSV
added 2022/11/16 12:0 p.m. | 22 views

GHSA-J923-26C2-QQ9P Jenkins BART Plugin vulnerable to cross-site scripting (XSS)

Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. Currently, there are no known workarounds or patches available...

CVSS 8 | AI score 5.5 | EPSS 0.00602
Exploits 0 | References 6

OpenVAS
added 2022/09/12 12:0 a.m. | 31 views

Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Linux

Jenkins is prone to an HTTP/2 denial of service (DoS) vulnerability in Jetty. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

CVSS 7.5 | AI score 7.5 | EPSS 0.01818
Exploits 0 | References 1

Tenable Nessus
added 2022/07/15 12:0 a.m. | 336 views

Jenkins plugins Multiple Vulnerabilities (2022-06-22)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities in Jenkins 2.355 and earlier, LTS 2.332.3 and earlier allow attackers to inject HTML and...

CVSS 9.1 | AI score 6.6 | EPSS 0.76878
Exploits 0 | References 45

Prion
added 2019/08/07 3:15 p.m. | 17 views

Cross site scripting

A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI...

CVSS 3.5 | AI score 5.1 | EPSS 0.0072
Exploits 0 | References 2 | Affected Software 1