13 matches found
Malicious code in rush-command-parameters-plugin (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2977 Malicious code in rush-command-parameters-plugin (npm)
--- -= Per source details. Do not edit below this line.=-...
GHSA-W24G-24QG-V4W2 CSRF vulnerability in Jenkins Build With Parameters Plugin
Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plug...
CSRF vulnerability in Jenkins Build With Parameters Plugin
Jenkins Build With Parameters Plugin 1.5 and earlier does not require POST requests for its form submission endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to build a project with attacker-specified parameters. Build With Parameters Plug...
CloudBees Jenkins Build With Parameters Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site request forgery...
CloudBees Jenkins Build With Parameters Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...
CVE-2021-21629
A cross-site request forgery CSRF vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters...
CVE-2021-21629
A cross-site request forgery CSRF vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters...
CVE-2021-21628
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters...
CVE-2021-21629
CVE-2021-21629: A CSRF vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows an attacker to trigger builds with attacker-specified parameters via endpoints that do not require POST; patch to 1.5.1 or later is indicated by sources (OSV/GHSA/NASL) as the fix. No exploitation ...
CVE-2021-21628
The CVE-2021-21628 case concerns Jenkins Build With Parameters Plugin (versions ≤ 1.5). The underlying issue is that parameter names and descriptions are not escaped, enabling stored XSS. The vulnerability can be exploited by attackers who have Job/Configure permission. Public writeups from OSV a...
CVE-2021-21628
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...