Lucene search
K

5 matches found

OSV
OSV
added 2024/03/06 10:58 a.m.29 views

BIT-JENKINS-2022-34170

In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting XSS vulnerability exploitable by attacker...

5.4CVSS5.4AI score0.01361EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/08/19 5:14 a.m.63 views

CVE-2022-34170

In Jenkins 2.320 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting XSS vulnerability exploitable by attacker...

6.1CVSS1.4AI score0.01361EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.40 views

Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.320 and LTS 2.332.1, help icon tooltips no longer escape the feature name, effectively undoing the fix for SECURITY-1955. This vulnerability is known to be exploitable by attackers with Job/Configure permission. Jenkins 2.356, LTS 2.332.4 and LTS 2.346.1 addresses this...

5.4CVSS6.6AI score0.01361EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/24 12:0 a.m.29 views

Cross-site Scripting vulnerability in Jenkins

Since Jenkins 2.321 and LTS 2.332.1, the HTML output generated for new symbol-based SVG icons includes the title attribute of l:ionicon until Jenkins 2.334 and alt attribute of l:icon since Jenkins 2.335 without further escaping. This vulnerability is known to be exploitable by attackers with...

5.4CVSS6.5AI score0.01361EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2022/06/22 2:40 p.m.76 views

CVE-2022-34171

In Jenkins 2.321 through 2.355 both inclusive and LTS 2.332.1 through LTS 2.332.3 both inclusive the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' until Jenkins 2.334 and 'alt' attribute of 'l:icon' since Jenkins 2.335 without further escaping,...

5.4CVSS5.6AI score0.01361EPSS
Exploits0
Rows per page
Query Builder