Lucene search
K

5 matches found

Snyk
Snyk
added 2022/05/14 2:13 a.m.2 views

Cross-site Scripting (XSS)

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker with some degree of write access can inject arbitrary web script or HTML into generated pages. Note: This attack can be only mounted...

3.5CVSS5.2AI score0.01424EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2021/04/16 5:12 p.m.75 views

Codecov Discloses Supply Chain Compromise

The following blog was co-authored by Curt Barnard and Caitlin Condon. On April 15, 2021, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization, enabling the...

0.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2019/09/25 12:0 a.m.2 views

PT-2019-11800 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.196 and earlier Jenkins LTS versions 2.176.3 and earlier Description: The issue results from a lack of restriction or filtering on values set as the Jenkins URL in the global configuration, leading to a stored XSS...

4.8CVSS4.7AI score0.00992EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2018/06/05 12:0 a.m.47 views

Jenkins Mailer Cross Site Request Forgery

Exploit Title : Jenkins mailer plugin \ '+table'covermessage'+'' s = smtplib.SMTPtable'smtpserver' s.starttls s.logintable'lid', table'lpw' s.sendmailmsg'From', msg'To', msg.asstring def urlset : url = strinput"Jenkins Server's URLex : http://vuln.jenkin...

6CVSS0.6AI score0.06773EPSS
Exploits5
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.40 views

CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenki...

7.5AI score0.00769EPSS
Exploits0References2
Rows per page
Query Builder