EUVD-2022-3371
Malicious code in bioql PyPI...
CVE-2023-41945
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions being granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted...
GHSA-9G4M-FFX6-C29G Jenkins Cross-site Scripting vulnerability in project naming strategy
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier do not escape the project naming strategy description that is displayed on item creation. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. Jenkins 2.252, LTS 2.235.4...
PT-2020-15451 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.251 and earlier; Jenkins LTS versions 2.235.3 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the project naming strategy description is not properly escaped...