7 matches found

OSV
added 2026/06/13 8:41 a.m., 9 views

BIT-JENKINS-2026-53441

Jenkins 2.483 through 2.567 (both inclusive) and LTS 2.492.1 through 2.555.2 (both inclusive) do not escape the user-provided description of a generic offline cause that can be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers...

CVSS 5.4, AI score 4.9, EPSS 0.00261
Exploits 0, References 2
Github Security Blog
added 2026/06/10 3:31 p.m., 11 views

Jenkins: Stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.567 (both inclusive) and LTS 2.492.1 through 2.555.2 (both inclusive) do not escape the user-provided description of a generic offline cause that can be set through the POST config.xml API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers...

CVSS 5.4, AI score 4.8, EPSS 0.00261
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2026/06/10 1:06 p.m., 7 views

CVE-2026-53442

Jenkins 2.567 and earlier, and LTS 2.555.2 and earlier, do not encrypt secrets from POST config.xml submissions before storing them in job configurations, leaving them unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to t...

AI score 5.3, EPSS 0.0019
Exploits 0, References 1
CVE
added 2026/06/10 1:06 p.m., 23 views

CVE-2026-53442

CVE-2026-53442 affects Jenkins 2.567 and earlier and LTS 2.555.2 and earlier. The issue: secrets posted via config.xml are not encrypted before being stored in job config.xml files on the Jenkins controller, allowing disclosure to users with Item/Extended Read permission or filesystem access. This ...

CVSS 5.3, AI score 5.5, EPSS 0.0019
Exploits 0, References 1, Affected Software 1
AlpineLinux
added 2026/06/10 1:06 p.m., 6 views

CVE-2026-53442

Jenkins 2.567 and earlier, and LTS 2.555.2 and earlier, do not encrypt secrets from POST config.xml submissions before storing them in job configurations, leaving them unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to t...

CVSS 5.3, AI score 5.5, EPSS 0.0019
Exploits 0, References 1
CVE
added 2026/06/10 1:06 p.m., 47 views

CVE-2026-53441

Summary: CVE-2026-53441 affects Jenkins core 2.483–2.567 and LTS 2.492.1–2.555.2, where the description field for an offline cause can be stored via the POST config.xml API, enabling stored XSS. Exploitation requires Agent/Configure permission. What’s known from provided sources: The vu...

CVSS 5.4, AI score 5.2, EPSS 0.00261
Exploits 0, References 1, Affected Software 1
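Both advisories listed on this page share a single write vector: a POST to a node's or a job's config.xml. The following Python script is an added example, not code from any of the listed sources or from the Jenkins project. It parses NCSA-style access-log lines of the kind Jenkins' Winstone access logger can emit and flags POST requests to /computer/<node>/config.xml and /job/<name>/config.xml (including jobs nested in folders). The log lines, hosts, user names, node and job names are constructed sample data; the log format and the two URL shapes are the only assumptions it makes about a real controller.

```python
import re
from dataclasses import dataclass

# Constructed NCSA common-log style lines, as Jenkins' Winstone access logger can emit.
# Hosts, users, node and job names are sample data, not taken from a real controller.
SAMPLE_LOG = """\
10.0.0.5 - alice [13/Jun/2026:08:41:02 +0000] "GET /job/build-app/config.xml HTTP/1.1" 200 4123
10.0.0.9 - bob [13/Jun/2026:08:42:10 +0000] "POST /computer/linux-agent-1/config.xml HTTP/1.1" 200 0
10.0.0.9 - bob [13/Jun/2026:08:43:31 +0000] "POST /job/deploy/job/prod/config.xml HTTP/1.1" 200 0
10.0.0.7 - carol [13/Jun/2026:08:44:00 +0000] "POST /job/build-app/configSubmit HTTP/1.1" 302 0
10.0.0.7 - carol [13/Jun/2026:08:45:12 +0000] "GET /computer/linux-agent-1/ HTTP/1.1" 200 9876
"""

# One NCSA common-log record: host ident user [timestamp] "METHOD path protocol" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# config.xml of a node (/computer/<name>/config.xml) or of a job, possibly nested in
# folders (/job/<folder>/job/<name>/config.xml); an optional query string is tolerated.
CONFIG_XML_RE = re.compile(
    r'^/(computer/[^/]+|job/[^/]+(?:/job/[^/]+)*)/config\.xml(?:\?\S*)?$'
)


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    timestamp: str
    path: str
    status: int
    kind: str  # 'node' or 'job'


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.rstrip('\n'))
    return m.groupdict() if m else None


def classify_path(path):
    """Return 'node' or 'job' when the path is a config.xml endpoint, else None."""
    m = CONFIG_XML_RE.match(path)
    if not m:
        return None
    return 'node' if m.group(1).startswith('computer/') else 'job'


def find_config_xml_posts(log_text):
    """Return a Finding for every POST to a node or job config.xml in the log text.

    GET requests are deliberately ignored: they read a configuration rather than
    write one, so they are not the vector the advisories describe.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec['method'] != 'POST':
            continue
        kind = classify_path(rec['path'])
        if kind is None:
            continue
        findings.append(Finding(rec['host'], rec['user'], rec['ts'],
                                rec['path'], int(rec['status']), kind))
    return findings


if __name__ == '__main__':
    for f in find_config_xml_posts(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user}@{f.host} POST {f.kind} config {f.path} -> {f.status}")
```

Run it over a real access log with `find_config_xml_posts(open(path).read())`. The `configSubmit` line is left alone on purpose: that is the form-based save, which goes through a different code path than the XML API named in the advisories, and reviewing it is a separate exercise.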
Positive Technologies
added 2026/06/10 12:00 a.m., 9 views

PT-2026-48427

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 2.568; Jenkins LTS versions prior to 2.555.3.
Description: Secrets provided via POST config.xml submissions are stored unencrypted in job configuration files on the Jenkins controller. This allows users with Item/Extende...

CVSS 5.3, AI score 5.3, EPSS 0.0019
Exploits 0, References 7
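For CVE-2026-53442 a practitioner would want to know whether any job config.xml on the controller already holds a secret in plaintext, since patching Jenkins does not rewrite files that were stored unencrypted earlier. The following Python script is an added example, not code from Positive Technologies, the other listed sources or the Jenkins project. It assumes that Jenkins writes encrypted secrets as base64 wrapped in braces (for example `{AQAAABAAAAAQ...}`) and treats any other non-empty value in an element whose tag name suggests a secret (password, secret, token, passphrase, credential) as plaintext; that tag-name list, the brace-format check and the sample config.xml are constructed for the example.

```python
import os
import re
import xml.etree.ElementTree as ET

# Assumption: Jenkins stores an encrypted secret as base64 wrapped in braces, e.g.
# {AQAAABAAAAAQ...}. Anything else in a secret-looking element is treated as plaintext.
ENCRYPTED_RE = re.compile(r'^\{[A-Za-z0-9+/]+={0,2}\}$')

# Constructed heuristic: tag names that usually carry a secret in plugin configuration.
SECRET_TAG_HINTS = ('password', 'secret', 'token', 'passphrase', 'credential')

# Constructed sample job config.xml with one encrypted and one plaintext secret.
SAMPLE_CONFIG_XML = """<?xml version='1.0' encoding='UTF-8'?>
<project>
  <description>nightly build</description>
  <publishers>
    <example.Notifier>
      <url>https://hooks.example.invalid/notify</url>
      <password>{AQAAABAAAAAQ8dI3fZ2xVbkQ1V0p9Yh0wc2bXl7fBnmYq4xkZ2c1kHA=}</password>
      <authToken>hunter2</authToken>
    </example.Notifier>
  </publishers>
  <builders>
    <hudson.tasks.Shell>
      <command>make all</command>
    </hudson.tasks.Shell>
  </builders>
</project>
"""


def looks_like_secret_tag(tag):
    """True if the element name (namespace stripped) suggests it holds a secret."""
    local = tag.rsplit('}', 1)[-1].lower()
    return any(hint in local for hint in SECRET_TAG_HINTS)


def is_encrypted(value):
    """True if the value has the brace-wrapped base64 shape of a Jenkins encrypted secret."""
    return bool(ENCRYPTED_RE.match(value.strip()))


def scan_config_xml(text, source='<string>'):
    """Return (source, element path, status) for every secret-looking element with a value.

    status is 'encrypted' or 'plaintext'; empty elements are skipped.
    """
    root = ET.fromstring(text)
    findings = []

    def walk(elem, parent_path):
        here = f"{parent_path}/{elem.tag}"
        if looks_like_secret_tag(elem.tag):
            value = (elem.text or '').strip()
            if value:
                status = 'encrypted' if is_encrypted(value) else 'plaintext'
                findings.append((source, here, status))
        for child in elem:
            walk(child, here)

    walk(root, '')
    return findings


def plaintext_secrets(text, source='<string>'):
    """Only the findings that need attention: secrets stored without encryption."""
    return [f for f in scan_config_xml(text, source) if f[2] == 'plaintext']


def scan_jenkins_home(jenkins_home):
    """Walk JENKINS_HOME/jobs (folders nest as jobs/<a>/jobs/<b>) and collect plaintext secrets."""
    results = []
    for dirpath, _dirs, files in os.walk(os.path.join(jenkins_home, 'jobs')):
        if 'config.xml' in files:
            full = os.path.join(dirpath, 'config.xml')
            with open(full, encoding='utf-8') as fh:
                results.extend(plaintext_secrets(fh.read(), full))
    return results


if __name__ == '__main__':
    for source, path, status in scan_config_xml(SAMPLE_CONFIG_XML):
        print(f"{source}: {path} is {status}")
```

Run `scan_jenkins_home('/var/lib/jenkins')` (or wherever JENKINS_HOME lives) as a user that can read the job directories; anything it reports is visible to every account with Item/Extended Read on that job, which is the exposure the advisory describes. The tag-name heuristic errs towards false positives, so review each hit rather than acting on the count.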