
41 matches found

RedhatCVE
added 2025/05/22 3:20 p.m., 2 views

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00233
Exploits: 0
OSV
added 2025/03/19 4:15 p.m., 1 views

CVE-2025-30196

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the javascript: scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00164
Exploits: 0, References: 1
NVD
added 2023/10/25 6:17 p.m., 12 views

CVE-2023-46655

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...

CVSS: 6.5, AI score: 7, EPSS: 0.00205
Exploits: 0, References: 2
NVD
added 2023/04/02 9:15 p.m., 15 views

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

CVSS: 5.4, AI score: 5.5, EPSS: 0.08977
Exploits: 0, References: 1
Cvelist
added 2023/03/23 11:26 a.m., 14 views

CVE-2023-28677

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted...

AI score: 9.6, EPSS: 0.0196
Exploits: 0, References: 1
AlpineLinux
added 2023/03/23 11:26 a.m., 25 views

CVE-2023-28669

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...

CVSS: 5.4, AI score: 5.6, EPSS: 0.08977
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 5:33 a.m., 3 views

SUSE CVE-2013-7330

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions...

CVSS: 4, AI score: 6.5, EPSS: 0.00068
Exploits: 1, References: 3
CNNVD
added 2022/11/15 12:0 a.m., 2 views

Jenkins Plugin JAPEX code issue vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...

CVSS: 9.8, AI score: 8.3, EPSS: 0.04058
Exploits: 0, References: 6
ATTACKERKB
added 2022/06/30 6:15 p.m., 2 views

CVE-2022-34786

Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 5.4, AI score: 5.8, EPSS: 0.09095
Exploits: 0, References: 2
OSV
added 2022/06/30 6:15 p.m., 1 views

CVE-2022-34786

Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 5.4, AI score: 5.7, EPSS: 0.09095
Exploits: 0, References: 1
CNNVD
added 2022/06/30 12:0 a.m., 4 views

Jenkins Plugin Rich Text Publisher cross-site scripting vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from not escaping HTML messages set by its post-build...

CVSS: 5.4, AI score: 5.3, EPSS: 0.09095
Exploits: 0, References: 5
Positive Technologies
added 2022/06/30 12:0 a.m., 3 views

PT-2022-22329 · Jenkins · Jenkins Testng Results Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TestNG Results Plugin versions 554.va4a552116332 and earlier
Description: The issue is related to a cross-site scripting (XSS) vulnerability. It occurs when the Jenkins TestNG Results Plugin renders unescaped test descriptions and...

CVSS: 8, AI score: 5.2, EPSS: 0.08631
Exploits: 0, References: 7
OSV
added 2022/05/24 5:33 p.m., 10 views

GHSA-24G8-35X9-FV8R Stored XSS vulnerability in Jenkins FindBugs Plugin

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00217
Exploits: 0, References: 3
Github Security Blog
added 2022/05/24 5:33 p.m., 26 views

Stored XSS vulnerability in Jenkins FindBugs Plugin

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

CVSS: 5.4, AI score: 4.9, EPSS: 0.00217
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2022/05/24 5:28 p.m., 18 views

Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

CVSS: 5.4, AI score: 4.9, EPSS: 0.00233
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2022/05/17 3:53 a.m., 31 views

Jenkins allows attackers to configure restricted projects

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions...

CVSS: 4, AI score: 6.6, EPSS: 0.00068
Exploits: 1, References: 6, Affected Software: 1
OSV
added 2022/05/17 3:53 a.m., 0 views

GHSA-H5JV-HG68-MJHG Jenkins allows attackers to configure restricted projects

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions...

CVSS: 4, AI score: 5.9, EPSS: 0.00068
Exploits: 1, References: 6
OSV
added 2022/03/30 12:0 a.m., 16 views

GHSA-8RX6-V5Q4-XW3J Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Public Coverage / Complexity Scatter Plot' post-build step to have Jenkins parse a crafted...

CVSS: 7.1, AI score: 7.9, EPSS: 0.00164
Exploits: 0, References: 4
Github Security Blog
added 2022/03/30 12:0 a.m., 10 views

Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Public Coverage / Complexity Scatter Plot' post-build step to have Jenkins parse a crafted...

CVSS: 8.1, AI score: 7.7, EPSS: 0.00164
Exploits: 0, References: 4, Affected Software: 1
Positive Technologies
added 2022/03/29 12:0 a.m., 2 views

PT-2022-18853 · Jenkins · Jenkins Coverage/Complexity Scatter Plot Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Coverage/Complexity Scatter Plot Plugin versions 1.1.1 and earlier
Description: The issue allows attackers to control input files for the 'Public Coverage / Complexity Scatter Plot' post-build step, enabling them to have Jenkins parse...

CVSS: 8.1, AI score: 8, EPSS: 0.00164
Exploits: 0, References: 7