3 matches found
GHSA-GC2R-CCFH-62V9 Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Micro Focus Application Automation Tools Plugin 6.7 and earlier does not escape user input in a form validation response. This results in a reflected cross-site scripting (XSS) vulnerability. Micro Focus Application Automation Tools Plugin 6.8 escapes user input in the affected form validation...
Reflected XSS vulnerability in Jenkins markup formatter preview
Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered. Jenkins 2.274 and earlier, LTS...
Path traversal vulnerability in Jenkins agent names
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart. Jenkins...