117 matches found
Missing permission checks in Jenkins Maven Cascade Release Plugin
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...
CSRF vulnerability in Jenkins Maven Cascade Release Plugin
A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...
GHSA-VMG8-G8J3-M355 Stored XSS vulnerability in Jenkins Release Plugin
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...
Stored XSS vulnerability in Jenkins Release Plugin
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...
GHSA-2C84-35RV-6Q3F Stored XSS vulnerability in ClearCase Release Plugin
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
Stored XSS vulnerability in ClearCase Release Plugin
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
GHSA-G2X8-XW86-VPQ3 Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...
GHSA-79RM-F26G-296P Jenkins Maven Release Plugin vulnerable to Cross-site Scripting
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. Variables on affected views are now escaped...
GHSA-VWX8-QPQH-QWM9 Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Maven Release...
GHSA-R4RV-CQ77-6P24 Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin prior to 0.15.0 in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...
Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin prior to 0.15.0 in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...
GHSA-J2H6-J34W-G5VP CSRF vulnerability in Jenkins Release plugin
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds...
CSRF vulnerability in Jenkins Release plugin
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds...
CloudBees Jenkins Release Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Audit Trail Plugin is used in one of the audi...
CVE-2020-2292
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...
CVE-2020-2292
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...
CVE-2020-2295
A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...
CVE-2020-2295
A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...