Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:23 p.m.27 views

Stored XSS vulnerability in Jenkins console links

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting XSS vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...

5.4CVSS5.3AI score0.01032EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2020/09/23 12:46 p.m.8 views

jenkins: Stored XSS vulnerability in upstream cause

A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The upstream job's display name is not escaped on build time trend pages which could lead to a stored cross-site scripting XSS vulnerability. The user must have the Agent/Configure permission for this exploit to...

5.4CVSS5.9AI score0.01077EPSS
Exploits0References4
NVD
NVD
added 2020/07/15 6:15 p.m.14 views

CVE-2020-2222

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability...

5.4CVSS0.01126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.4 views

PT-2020-15438 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue results from the job name in the 'Keep this build forever' badge tooltip not being escaped, leading to a stored cross-site scripting...

5.4CVSS5AI score0.01126EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.5 views

PT-2020-15439 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.244 and earlier Jenkins LTS versions 2.235.1 and earlier Description: The issue results from incorrect escaping of the href attribute of links to downstream jobs displayed in the build console page, leading to a stored...

8CVSS5.1AI score0.01032EPSS
Exploits0References10
Rows per page
Query Builder