13 matches found
Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi...
GHSA-6882-385P-HHHW Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi...
CVE-2022-34192
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi...
PT-2022-22061 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins ontrack Jenkins Plugin versions 4.0.0 and earlier Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the plugin does not escape the name of certain parameters on views displaying parameters...
Sandbox bypass in ontrack Jenkins Plugin
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
Security feature bypass
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10306
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10306
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10306
The CVE-2019-10306 case concerns the Jenkins ontrack Plugin (versions 3.4 and earlier). The vulnerability is a sandbox bypass in the ontrack DSL processing that allows an attacker who controls DSL definitions to execute arbitrary code on the Jenkins master JVM. Exploitation details are not provid...
CVE-2019-10306
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
CVE-2019-10306
A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM...
PT-2019-11708 · Jenkins · Jenkins Ontrack Jenkins Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ontrack Plugin versions 3.4 and earlier Description: A sandbox bypass issue in the Jenkins ontrack Plugin allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. Recommendations...