Lucene search
K

117 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:30 p.m.27 views

Missing permission checks in Jenkins Maven Cascade Release Plugin

Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...

6.5CVSS6.1AI score0.00808EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:30 p.m.29 views

CSRF vulnerability in Jenkins Maven Cascade Release Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...

6.5CVSS6.2AI score0.00538EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:30 p.m.18 views

GHSA-VMG8-G8J3-M355 Stored XSS vulnerability in Jenkins Release Plugin

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...

5.4CVSS5.3AI score0.00735EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:30 p.m.24 views

Stored XSS vulnerability in Jenkins Release Plugin

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...

5.4CVSS4.9AI score0.00735EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:28 p.m.11 views

GHSA-2C84-35RV-6Q3F Stored XSS vulnerability in ClearCase Release Plugin

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

8CVSS5.3AI score0.0072EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:28 p.m.25 views

Stored XSS vulnerability in ClearCase Release Plugin

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS4.9AI score0.0072EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:3 p.m.13 views

GHSA-G2X8-XW86-VPQ3 Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

8.8CVSS8.7AI score0.0064EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:3 p.m.18 views

Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

8.8CVSS6.9AI score0.0064EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 4:51 p.m.15 views

GHSA-79RM-F26G-296P Jenkins Maven Release Plugin vulnerable to Cross-site Scripting

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. Variables on affected views are now escaped...

5.4CVSS5.2AI score0.00688EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 4:51 p.m.17 views

GHSA-VWX8-QPQH-QWM9 Jenkins Maven Release Plug-in Plugin stored credentials in plain text

Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. Maven Release...

3.3CVSS5.3AI score0.00471EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 4:51 p.m.23 views

GHSA-R4RV-CQ77-6P24 Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin prior to 0.15.0 in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...

6.3CVSS6.2AI score0.00607EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.21 views

Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin prior to 0.15.0 in the M2ReleaseActiondoSubmit method allowed attackers to perform releases with attacker-specified options...

6.8CVSS4.1AI score0.00607EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/14 3:45 a.m.11 views

GHSA-J2H6-J34W-G5VP CSRF vulnerability in Jenkins Release plugin

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds...

8.8CVSS8.7AI score0.01019EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.22 views

CSRF vulnerability in Jenkins Release plugin

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds...

8.8CVSS6.7AI score0.01019EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/10/12 12:0 a.m.3 views

CloudBees Jenkins Release Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Audit Trail Plugin is used in one of the audi...

5.4CVSS6.3AI score0.00735EPSS
Exploits0References1
NVD
NVD
added 2020/10/08 1:15 p.m.21 views

CVE-2020-2292

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...

5.4CVSS0.00735EPSS
Exploits0References2
OSV
OSV
added 2020/10/08 1:15 p.m.3 views

CVE-2020-2292

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Release/Release permission...

5.4CVSS6AI score0.00735EPSS
Exploits0References2
NVD
NVD
added 2020/10/08 1:15 p.m.24 views

CVE-2020-2295

A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...

6.5CVSS0.00538EPSS
Exploits0References2
OSV
OSV
added 2020/10/08 1:15 p.m.22 views

CVE-2020-2295

A cross-site request forgery CSRF vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin...

6.5CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2020/10/08 1:15 p.m.20 views

CVE-2020-2294

Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin...

6.5CVSS0.00808EPSS
Exploits0References2
Rows per page
Query Builder