Lucene search
K

5 matches found

OSV
OSV
added 2026/06/13 8:41 a.m.9 views

BIT-JENKINS-2026-53441

Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...

5.4CVSS4.9AI score0.00261EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 3:31 p.m.11 views

Jenkins: Stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...

5.4CVSS4.8AI score0.00261EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.6 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3CVSS5.5AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 1:6 p.m.7 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 1:6 p.m.47 views

CVE-2026-53441

Summary: CVE-2026-53441 affects Jenkins core 2.483–2.567 and LTS 2.492.1–2.555.2, where the description field for an offline cause can be stored via the POST config.xml API, enabling stored XSS. This requires attacker permission at Agent/Configure level. What’s known from provided sources: The vu...

5.4CVSS5.2AI score0.00261EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder