Jenkins Plugin Date Parameter Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...
PT-2022-22055 · Jenkins · Jenkins Filesystem List Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Filesystem List Parameter Plugin versions 0.0.7 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the name and description of File system...
PT-2022-22056 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Hidden Parameter Plugin versions 0.0.4 and earlier
Description: The Jenkins Hidden Parameter Plugin does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-si...
PT-2022-22063 · Jenkins · Jenkins Readonly Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Readonly Parameter Plugin versions 1.0.0 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin...
PT-2022-22053 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Date Parameter Plugin versions 0.0.4 and earlier
Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the Jenkins Date Parameter Plugin does not escape the name and description of Date paramete...
PT-2022-22051 · Jenkins · Jenkins Agent Server Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Agent Server Parameter Plugin versions 1.1 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the name...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21697 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.30)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21697 Source advisory: OSV:GHSA-CV2W-Q8C3-XJV7...
GHSA-X3M6-VCP7-98MR Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins REST List Parameter Plugin 1.3.1 no longer...
Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins REST List Parameter Plugin 1.3.1 no longer...
GHSA-GC87-QWMV-7X9X Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Artifact Repository Parameter Plugin 1.0.1 escapes...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1594 more potentially affected by CVE-2021-21605 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.26)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2021-21605 Source advisory: OSV:GHSA-PXGQ-GQR9-5GWX...
Stored XSS vulnerability in Validating String Parameter Plugin
Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by...
GHSA-FVWH-WV43-8QJ5 Stored XSS vulnerability in Validating String Parameter Plugin
Validating String Parameter Plugin 2.4 and earlier does not escape regular expressions in tooltips. Additionally, Validating String Parameter Plugin 2.4 does not escape parameter names and parameter descriptions. This results in a stored cross-site scripting (XSS) vulnerability exploitable by...
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Git Parameter Plugin 0.9.13 escapes the repository field o...
GHSA-J7Q2-C6R4-X2JW Stored XSS vulnerability in Jenkins Git Parameter Plugin
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Git Parameter Plugin 0.9.13 escapes the repository field o...
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration. While the password is stored encrypted on disk, it is transmitted in plai...
GHSA-3F82-V3QW-53Q7 Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Stash Branch Parameter Plugin stores Stash API passwords in its global configuration file org.jenkinsci.plugins.StashBranchParameter.StashBranchParameterDefinition.xml on the Jenkins controller as part of its configuration. While the password is stored encrypted on disk, it is transmitted in plai...
Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS)
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
GHSA-HW26-FW67-QXM9 Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...