6 matches found
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28149
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-28151
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job...
CVE-2022-28152
The CVE-2022-28152 entry concerns a CSRF vulnerability in Jenkins Job and Node ownership Plugin (versions 0.13.0 and earlier) that allows an attacker to restore the default ownership of a job. This is documented across multiple sources (OSV, CNVD/CNNVD, CVE listings) confirming the affected compo...
CVE-2022-28149
CVE-2022-28149 affects Jenkins “Job and Node ownership” Plugin (versions 0.13.0 and earlier). The issue arises because secondary owner names are not escaped, causing stored XSS. Exploitation requires Item/Configure permission to trigger JavaScript execution in the client. No remediation details a...
Jenkins Job and Node ownership Plugin Access Control Error Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Job and Node ownership Plugin 0.13.0 and earlier versions are vulnerable to an authorization issue that stems from...