46 matches found
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50765
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
GHSA-4J42-6XFX-H754 Missing permission check in Jenkins Scriptler Plugin
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50765
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
CVE-2023-50765
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
Information disclosure
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
CVE-2023-50765
CVE-2023-50765 affects Jenkins Scriptler Plugin versions 342.v6a_89fd40f466 and earlier. The vulnerability is a missing permission check that allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. Impact is information disclosure of Groovy scripts...
CVE-2023-50765
A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
CVE-2023-50764
CVE-2023-50764 concerns the Jenkins Scriptler Plugin (versions 342.v6a_89fd40f466 and earlier). The vulnerability stems from an unrestricted file-name query parameter in an HTTP endpoint, which, if an attacker has Scriptler/Configure permission, can lead to deletion of arbitrary files on the Jenk...
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...
PT-2023-31634 · Jenkins · Jenkins Scriptler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 342.v6a 89fd40f466 and earlier Description: A missing permission check in the Jenkins Scriptler Plugin allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...
PT-2023-31633 · Jenkins · Jenkins Scriptler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 342.v6a 89fd40f466 and earlier Description: The issue allows attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system due to a lack of restriction on a fil...
Jenkins Scriptler Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Scriptler Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Scriptler Plugin Cross-Site Scripting (CVE-2021-21667)
A stored cross-site scripting vulnerability exists in Jenkins Scriptler Plugin. This vulnerability is due to insufficient escaping of parameter names shown in job configuration forms...
GHSA-F9GF-2Q87-5M44 Stored XSS vulnerability in Jenkins Scriptler Plugin
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Scriptler scripts. Jenkins Scriptler Plugin 3.4 escapes the name of...