
18 matches found

RedhatCVE
added 2025/05/22 3:20 p.m. · 2 views

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.4 CVSS · 5.3 AI score · 0.00233 EPSS
Exploits 0

NVD
added 2023/10/25 6:17 p.m. · 12 views

CVE-2023-46655

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...

6.5 CVSS · 7 AI score · 0.00205 EPSS
Exploits 0 · References 2

CNNVD
added 2022/11/15 12:0 a.m. · 1 views

Jenkins Plugin JAPEX code issue vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A code issue vulnerabilit...

9.8 CVSS · 8.3 AI score · 0.03285 EPSS
Exploits 0 · References 6

OSV
added 2022/05/24 5:33 p.m. · 10 views

GHSA-24G8-35X9-FV8R Stored XSS vulnerability in Jenkins FindBugs Plugin

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

5.4 CVSS · 5.2 AI score · 0.00217 EPSS
Exploits 0 · References 3

Github Security Blog
added 2022/05/24 5:33 p.m. · 16 views

Stored XSS vulnerability in Jenkins FindBugs Plugin

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

5.4 CVSS · 4.9 AI score · 0.00217 EPSS
Exploits 0 · References 3 · Affected Software 1

Github Security Blog
added 2022/05/24 5:28 p.m. · 16 views

Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.4 CVSS · 4.9 AI score · 0.00233 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/03/30 12:0 a.m. · 16 views

GHSA-8RX6-V5Q4-XW3J Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Public Coverage / Complexity Scatter Plot' post-build step to have Jenkins parse a crafted...

7.1 CVSS · 7.9 AI score · 0.00164 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/03/30 12:0 a.m. · 10 views

Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Public Coverage / Complexity Scatter Plot' post-build step to have Jenkins parse a crafted...

8.1 CVSS · 7.7 AI score · 0.00164 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2020/11/04 3:15 p.m. · 9 views

CVE-2020-2317

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

5.4 CVSS · 5.2 AI score · 0.00217 EPSS
Exploits 0 · References 1

OSV
added 2020/11/04 3:15 p.m. · 12 views

CVE-2020-2317

Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step...

5.4 CVSS · 5.4 AI score
Exploits 0 · References 1

Positive Technologies
added 2020/11/04 12:0 a.m. · 2 views

PT-2020-15551 · Jenkins · Jenkins Findbugs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FindBugs Plugin versions 5.0.0 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the annotation message in tooltips is not properly escaped, allowing attackers to injec...

5.4 CVSS · 5.1 AI score · 0.00217 EPSS
Exploits 0 · References 7

OSV
added 2020/09/16 2:15 p.m. · 13 views

CVE-2020-2262

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.4 CVSS · 5.5 AI score
Exploits 0 · References 2

Prion
added 2020/09/16 2:15 p.m. · 8 views

Cross site scripting

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

3.5 CVSS · 5.2 AI score · 0.00233 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/09/16 1:20 p.m. · 12 views

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.3 AI score · 0.00233 EPSS
Exploits 0 · References 2

Cvelist
added 2020/09/16 1:20 p.m. · 10 views

CVE-2020-2262

Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step...

5.2 AI score · 0.00233 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/09/16 12:0 a.m. · 2 views

PT-2020-15487 · Jenkins · Jenkins Android Lint Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Android Lint Plugin versions 2.6 and earlier
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the annotation message in tooltips. This can be exploited ...

5.4 CVSS · 5.1 AI score · 0.00233 EPSS
Exploits 0 · References 6

Cvelist
added 2020/02/12 2:35 p.m. · 10 views

CVE-2020-2122

Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data...

5.2 AI score · 0.00103 EPSS
Exploits 0 · References 2

Positive Technologies
added 2019/11/21 12:0 a.m. · 5 views

PT-2019-14699 · Jenkins · Jenkins Qmetry For Jira - Test Management Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry for JIRA - Test Management Plugin versions 1.12 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. This allows users with...

8.8 CVSS · 8.5 AI score · 0.00263 EPSS
Exploits 0 · References 5