271 matches found
CVE-2022-30970
CVE-2022-30970 affects Jenkins Autocomplete Parameter Plugin, versions 1.1 and earlier. The vulnerability arises from how Dropdown Autocomplete and Auto Complete String parameter names are referenced in views, with parameters not escaped in JavaScript embedded in view definitions, creating a stor...
CVE-2022-30969
A cross-site request forgery CSRF vulnerability in Jenkins Autocomplete Parameter Plugin 1.1 and earlier allows attackers to execute arbitrary code without sandbox protection if the victim is an administrator...
CVE-2022-30969
CVE-2022-30969 affects Jenkins Autocomplete Parameter Plugin (versions 1.1 and earlier). The issue is a CSRF flaw that can allow an administrator’s session to run arbitrary code without sandbox protection when visiting a malicious page. Impact per available data: high, with CVSS3.1 base score 8.8...
CVE-2022-30966
The CVE-2022-30966 entry involves Jenkins Random String Parameter Plugin (versions 1.0 and earlier). It describes a stored XSS vulnerability caused by the plugin not escaping the name and description of Random String parameters in views that display parameters. The risk requires attacker with Ite...
CVE-2022-30964
The CVE-2022-30964 entry describes a stored XSS vulnerability in Jenkins Multiselect Parameter Plugin (versions up to 1.3). Root cause: the plugin fails to escape the name and description of Multiselect parameters on views that display parameters. Impact: exploitable by attackers with Item/Config...
CVE-2022-30963
Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30963
CVE-2022-30963 affects Jenkins JDK Parameter Plugin (1.0 and earlier). The vulnerability is a stored XSS caused by not escaping the JDK parameter name and description in views that display parameters, enabling exploitation by attackers with Item/Configure permission on affected dashboards/pages.
CVE-2022-30962
CVE-2022-30962 affects Jenkins Global Variable String Parameter Plugin, version 1.2 and earlier. The vulnerability arises because the plugin does not escape the name and description of Global Variable String parameters on parameter-displaying views, leading to a stored XSS vulnerability. Exploita...
CVE-2022-30962
Jenkins Global Variable String Parameter Plugin 1.2 and earlier does not escape the name and description of Global Variable String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30961
Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape the name of Dropdown Autocomplete and Auto Complete String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30961
CVE-2022-30961 : Jenkins Autocomplete Parameter Plugin (versions 1.1 and earlier) exposes a stored XSS vulnerability. The plugin does not escape the names of Dropdown Autocomplete and Auto Complete String parameters on views where parameters are displayed, allowing an attacker with Item/Configure...
PT-2022-20418 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Global Variable String Parameter Plugin versions 1.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because...
Jenkins Autocomplete Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Autocomplete Parameter Plugin 1.1 and earlier versions have a cross-si...
Jenkins Autocomplete Parameter Plugin 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to execute arbitrary code without sandbox...
Jenkins Multiselect parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins Multiselect parameter Plugin 1.3 and earlier versions have a cross-si...
Jenkins Autocomplete Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the program not properly escaping the names of th...
Jenkins JDK Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins JDK Parameter Plugin 1.0 and earlier versions have a cross-site...
PT-2022-20417 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Autocomplete Parameter Plugin versions 1.1 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability due to the failure to escape the name of Dropdown Autocomplete and Auto Complete String parameter...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2007 more potentially affected by CVE-2017-17383 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.9)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =0.9, =0.45 and more Source cves: CVE-2017-17383 Source advisory: OSV:GHSA-X3RC-CXV7-6XP6...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1487 more potentially affected by CVE-2016-0789 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.642.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.5.0, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2016-0789 Source advisory: OSV:GHSA-8P3C-M625-WH83...