5 matches found
CloudBees Jenkins Locked Files Report Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site script execution...
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2271
CVE-2020-2271 affects Jenkins Locked Files Report Plugin (versions ≤ 1.6). The issue is a stored XSS where locked files’ names are not escaped in tooltips, exploitable by attackers with Job/Configure permission. Root cause: insufficient escaping in tooltip rendering. Impact is XSS within Jenkins ...
PT-2020-15496 · Jenkins · Jenkins Locked Files Report Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Locked Files Report Plugin versions 1.6 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because locked files' names in tooltips are not properly escaped. This can be exploite...