Lucene search
+L

82 matches found

OSV
OSV
added 2022/05/24 5:12 p.m.24 views

GHSA-264W-XRR7-6QQG RCE vulnerability in Jenkins OpenShift Pipeline Plugin

OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to OpenShift Pipeline Plugin’s build step. OpenShift...

8.8CVSS8.9AI score0.02077EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:12 p.m.36 views

RCE vulnerability in Jenkins OpenShift Pipeline Plugin

OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to OpenShift Pipeline Plugin’s build step. OpenShift...

8.8CVSS8.9AI score0.02077EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.30 views

Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines. This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security...

5.4CVSS1.2AI score0.00735EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 4:52 p.m.25 views

GHSA-CX5R-P4VJ-2MQH Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting

Build Pipeline Plugin does not properly escape variables in views, resulting in a stored cross-site scripting vulnerability exploitable by users with permission to configure build pipelines. This vulnerability is only exploitable on Jenkins releases older than 2.146 or 2.138.2 due to the security...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/05/18 12:3 p.m.7 views

Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

A flaw was found in the Jenkins Pipeline: Shared Groovy Libraries plugin. The Jenkins Pipeline: Shared Groovy Libraries plugin allows attackers to submit pull requests. However, the attacker cannot commit directly to the configured Source Control Management SCM to effectively change the Pipeline...

5.3CVSS5.8AI score0.01116EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.14 views

Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...

6.1CVSS2.5AI score0.00948EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 3:45 a.m.22 views

GHSA-G364-C7W5-93WH Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plugin converts the value to a boolean true/false...

6.1CVSS6AI score0.00948EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/14 2:43 a.m.6 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)

org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...

5CVSS5.8AI score0.01673EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/05/14 1:44 a.m.25 views

Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

7.5CVSS5AI score0.02185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.15 views

Incorrect permission checks in Pipeline: Nodes and Processes plugin

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes...

4.9CVSS7AI score0.01031EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/16 12:1 a.m.4 views

org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2022-25184 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)

org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2022-25184 Source advisory: OSV:GHSA-G84F-CMC8-682C...

6.5CVSS6.5AI score0.00876EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.6 views

PT-2020-15481 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 3.9.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the upstream job's display name shown as part of a build cause is not...

5.4CVSS5.1AI score0.00735EPSS
Exploits0References7
CNVD
CNVD
added 2020/08/14 12:0 a.m.5 views

CloudBees Jenkins Pipeline Maven Integration Plugin Unauthorized Access Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An unauthorized access...

6.5CVSS7.1AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2020/07/02 3:15 p.m.11 views

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2020/07/02 3:15 p.m.33 views

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS0.00735EPSS
Exploits0References2
Prion
Prion
added 2020/07/02 3:15 p.m.16 views

Design/Logic Flaw

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

3.5CVSS5.5AI score0.00735EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/02 2:55 p.m.35 views

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.5AI score0.00735EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/07/02 12:0 a.m.12 views

PT-2020-15429 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins ZAP Pipeline Plugin versions 1.9 and earlier Jenkins versions prior to 2.228 excluding 2.227 and older, 2.204.5 and older, due to different security concerns Jenkins versions 2.228 through 2.230 Jenkins 2.222.x LTS versions Jenkins...

5.4CVSS5.4AI score0.00735EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2020/06/10 12:0 a.m.6 views

The vulnerability of the YAML syntax analyzer plugin for working with the OpenShift Jenkins OpenShift Pipeline plugin allows a attacker to execute arbitrary code.

The vulnerability of the YAML syntax analyzer for the OpenShift Jenkins OpenShift Pipeline Plugin is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS8AI score0.02077EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2020/03/26 3:2 a.m.4 views

openshift/jenkins-plugin: Deserialization in snakeyaml YAML() objects allows for remote code execution

Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...

8.8CVSS6.5AI score0.02077EPSS
Exploits0References5
Rows per page
Query Builder