Lucene search

12 matches found

RedhatCVE
added 2023/06/26 11:17 a.m. · 12 views

CVE-2023-35145

A flaw was found in the Jenkins Sonargraph Integration Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim...

CVSS 8 · AI score 5.4 · EPSS 0.00447
Exploits 0 · References 3
Veracode
added 2023/06/26 9:4 a.m. · 15 views

Cross-site Scripting (XSS)

Sonargraph Integration Jenkins Plugin is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the doCheckLogFile function in SonargraphReportBuilder.java because it fails to escape the file path and the project name for the Log file field form validation, which allows an attacker to...

CVSS 5.4 · AI score 6.8 · EPSS 0.00447
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus
added 2023/06/16 12:0 a.m. · 48 views

Jenkins plugins Multiple Vulnerabilities (2023-06-14)

According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities:
- Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. CVE-2023-3514...

CVSS 8.1 · AI score 6.2 · EPSS 0.15358
Exploits 0 · References 11
OSV
added 2023/06/14 1:15 p.m. · 18 views

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4 · AI score 6.2
Exploits 0 · References 2
Vulnrichment
added 2023/06/14 12:53 p.m. · 5 views

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

AI score 5.9 · EPSS 0.00447
Exploits 0 · References 2
Cvelist
added 2023/06/14 12:53 p.m. · 11 views

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

AI score 5.8 · EPSS 0.00447
Exploits 0 · References 2
CVE
added 2023/06/14 12:53 p.m. · 63 views

CVE-2023-35145

Summary of CVE-2023-35145 (Jenkins Sonargraph Integration Plugin) Affected: Jenkins Sonargraph Integration Plugin 5.0.1 and earlier. Issue: The plugin does not escape the file path and the project name in the Log file field form validation, leading to a stored cross-site scripting (XSS) vulnerabi...

CVSS 5.4 · AI score 5.1 · EPSS 0.00447
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/06/14 12:0 a.m. · 2 views

Jenkins Plugin Sonargraph Integration Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.4 · AI score 5.6 · EPSS 0.00447
Exploits 0 · References 3
Positive Technologies
added 2023/06/14 12:0 a.m. · 2 views

PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the file path and the project name for the Log file field form validation are...

CVSS 5.4 · AI score 5.9 · EPSS 0.00447
Exploits 0 · References 6
OSV
added 2022/05/24 5:22 p.m. · 24 views

GHSA-F799-HFG3-48JP Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin

Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation. This results in a stored cross-site scripting (XSS) vulnerability that can be exploited by users with Job/Configure permission. Sonargraph Integration Plugin 3.0.1 escapes the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00089
Exploits 0 · References 4
CNVD
added 2020/07/03 12:0 a.m. · 2 views

CloudBees Jenkins Sonargraph Integration Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Sonargraph Integration Plugin is used in one ...

CVSS 5.4 · AI score 6.5 · EPSS 0.00089
Exploits 0 · References 1
CVE
added 2020/07/02 2:55 p.m. · 60 views

CVE-2020-2201

The CVE-2020-2201 entry concerns Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier, where the Log file field form validation does not escape the file path, causing a stored cross-site scripting (XSS) vulnerability. Affected component: Sonargraph Integration Plugin; root cause: lack...

CVSS 5.4 · AI score 5.2 · EPSS 0.00089
Exploits 0 · References 2 · Affected Software 1