271 matches found
CVE-2022-27202
CVE-2022-27202 concerns Jenkins Extended Choice Parameter Plugin (version 346.vd87693c5a_86c and earlier). The root cause is that the plugin does not escape the value and description of Extended Choice parameters of radio buttons or check boxes, allowing stored cross-site scripting (XSS). Exploit...
Jenkins Extended Choice Parameter Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Extended Choice...
PT-2022-18300 · Jenkins · Jenkins List Git Branches Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins List Git Branches Parameter Plugin versions 0.0.9 and earlier Description: The issue results from the failure to escape the name of the 'List Git branches and more' parameter, leading to a stored cross-site scripting (XSS) vulnerability...
PT-2022-18290 · Jenkins · Jenkins Extended Choice Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Extended Choice Parameter Plugin versions 346.vd87693c5a_86c and earlier Description: The issue allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...
Jenkins Custom Checkbox Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier versions, which ste...
CVE-2022-25191
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25189
Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-25191
CVE-2022-25191 : Jenkins Agent Server Parameter Plugin 1.0 and earlier fails to escape parameter names for agent server parameters, causing a stored XSS vulnerability exploitable by attackers with Item/Configure permission. The issue is mitigated by upgrading to Agent Server Parameter Plugin 1.1,...
CVE-2022-25189
CVE-2022-25189 : Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, causing stored XSS exploitable by attackers with Item/Configure permission. The plugin was updated in 1.2 to escape parameter names. Impact is stored XSS; explo...
PT-2022-17129 · Jenkins · Jenkins Custom Checkbox Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Custom Checkbox Parameter Plugin versions 1.1 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This is due to the plugin not escaping parameter names of custom checkbox parameters. Attacke...
PT-2022-17131 · Jenkins · Jenkins Agent Server Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Agent Server Parameter Plugin versions 1.0 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape parameter names of agent server parameters...
Jenkins Artifact Repository Parameter Plugin Cross-Site Scripting (CVE-2021-21622)
A stored cross-site scripting vulnerability exists in Jenkins Artifact Repository Parameter plugin. This vulnerability is due to insufficient validation of the name and description parameters in the ArtifactRepoParamDefinition class...
CloudBees Jenkins REST List Parameter Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and to run some scheduled tasks. A cross-site scripting...
CVE-2021-21635
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2021-21635
CVE-2021-21635 affects Jenkins REST List Parameter Plugin up to version 1.3.0. The issue is a stored XSS vulnerability caused by not escaping a parameter name reference in embedded JavaScript, exploitable by an attacker with Job/Configure permission. The linked OSV/GHSA entries confirm the vulner...