27 matches found
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...
GHSA-FWXQ-3F52-5CMC Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...
CVE-2024-54004
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...
Jenkins plugins Multiple Vulnerabilities (2024-11-27)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. CVE-2024-47855 - Jenkins Simple Queue Plugin 1.4.4...
Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...
Cross-site Scripting in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. A cross-site scripting...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34187
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34196
CVE-2022-34196 affects Jenkins with the REST List Parameter Plugin prior to 1.6.0. The plugin does not escape the name and description of REST list parameters on parameter-displaying views, causing a stored XSS vulnerability exploitable by attackers who have Item/Configure permission. Connected a...
CVE-2022-34196
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34187
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34187
CVE-2022-34187 affects Jenkins Filesystem List Parameter Plugin, version 0.0.7 and earlier. It is a stored cross-site scripting (XSS) vulnerability in the name/description of File system objects list parameters on parameter-enabled views, exploitable by attackers with Item/Configure permission. M...
Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Jenkins REST List Parameter Plugin 1.3.1 no longer...
GHSA-X3M6-VCP7-98MR Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Jenkins REST List Parameter Plugin 1.3.1 no longer...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2005 more potentially affected by CVE-2017-17383 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.9)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =0.9, =0.45 and more Source cves: CVE-2017-17383 Source advisory: OSV:GHSA-X3RC-CXV7-6XP6...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)
org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...