CVE-2023-50765

A missing permission check in Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...

CVE-2023-50764

Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...

CVE-2023-50764

CVE-2023-50764 concerns the Jenkins Scriptler Plugin (versions 342.v6a_89fd40f466 and earlier). The vulnerability stems from an unrestricted file-name query parameter in an HTTP endpoint, which, if an attacker has Scriptler/Configure permission, can lead to deletion of arbitrary files on the Jenk...

CVE-2023-50764

Jenkins Scriptler Plugin 342.v6a89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system...

PT-2023-31633 · Jenkins · Jenkins Scriptler Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 342.v6a 89fd40f466 and earlier Description: The issue allows attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system due to a lack of restriction on a fil...

PT-2023-31634 · Jenkins · Jenkins Scriptler Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 342.v6a 89fd40f466 and earlier Description: A missing permission check in the Jenkins Scriptler Plugin allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID...

Jenkins Scriptler Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Scriptler Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Jenkins Scriptler Plugin Cross-Site Scripting (CVE-2021-21667)

A stored cross-site scripting vulnerability exists in Jenkins Scriptler Plugin. This vulnerability is due to insufficient escaping of parameter names shown in job configuration forms...

com.seitenbau.jenkins.plugins:dynamicparameter (=0.2.0), org.biouno:uno-choice (>=1.0 <=1.5.3-alpha) potentially affected by CVE-2021-21700 via org.jenkins-ci.plugins:scriptler (>=2.2 <=2.9)

org.jenkins-ci.plugins:scriptler MAVEN version =2.2, =1.0, =1.5.3-alpha Source cves: CVE-2021-21700 Source advisory: OSV:GHSA-F9GF-2Q87-5M44...

GHSA-F9GF-2Q87-5M44 Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Scriptler scripts. Jenkins Scriptler Plugin 3.4 escapes the name of...

Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Scriptler scripts. Jenkins Scriptler Plugin 3.4 escapes the name of...

com.seitenbau.jenkins.plugins:dynamicparameter (=0.2.0), org.biouno:uno-choice (>=1.0 <=1.5.3-alpha) potentially affected by CVE-2021-21667 via org.jenkins-ci.plugins:scriptler (>=2.2 <=2.9)

org.jenkins-ci.plugins:scriptler MAVEN version =2.2, =1.0, =1.5.3-alpha Source cves: CVE-2021-21667 Source advisory: OSV:GHSA-P479-RWHP-RWJX...

GHSA-P479-RWHP-RWJX Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission. Jenkins Scriptler Plugin 3.3 escapes parameter names shown in jo...

Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission. Jenkins Scriptler Plugin 3.3 escapes parameter names shown in jo...

GHSA-5C6C-W4C4-VGVX Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission. Jenkins Scriptler Plugin 3.2 escapes script content...

Stored XSS vulnerability in Jenkins Scriptler Plugin

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Scriptler/Configure permission. Jenkins Scriptler Plugin 3.2 escapes script content...

com.seitenbau.jenkins.plugins:dynamicparameter (=0.2.0), org.biouno:uno-choice (>=1.0 <=1.5.3-alpha) potentially affected by CVE-2021-21668 via org.jenkins-ci.plugins:scriptler (>=2.2 <=2.9)

org.jenkins-ci.plugins:scriptler MAVEN version =2.2, =1.0, =1.5.3-alpha Source cves: CVE-2021-21668 Source advisory: OSV:GHSA-5C6C-W4C4-VGVX...

Jenkins Cross-Site Scripting Vulnerability (CNVD-2021-93374)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.A cross-site scripting vulnerability exists in the Jenkins Plugin, which stems from the Scriptler plugin version 3.3 and...

CVE-2021-21700

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting XSS vulnerability exploitable by exploitable by attackers able to create Scriptler scripts...