Lucene search
K

56 matches found

OSV
OSV
added 2022/05/24 5:22 p.m.12 views

GHSA-RFRQ-3V89-FQG6 Reflected XSS in Jenkins Compatibility Action Storage Plugin

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.8AI score0.00699EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/24 4:58 p.m.4 views

org.jenkins-ci.plugins:google-storage-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10436 via org.jenkins-ci.plugins:google-oauth-plugin (=0.1)

org.jenkins-ci.plugins:google-oauth-plugin MAVEN version =0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:google-oauth-plugin and may be impacted: - org.jenkins-ci.plugins:google-storage-plugin =0.1, =0.4 Source cves:...

6.5CVSS6.6AI score0.00989EPSS
Exploits0
CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

VMware vCenter Server 输入验证错误漏洞

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware. A remote code execution vulnerability exists in VMware vCenter Server. The vulnerability is due to a lack of proper input validation of vSAN, a runtime condition check plug-in enabled by default...

10CVSS9.7AI score0.99999EPSS
Exploits13References12
CNVD
CNVD
added 2020/07/03 12:0 a.m.6 views

CloudBees Jenkins Compatibility Action Storage Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Compatibility Action Storage Plugin is used i...

6.1CVSS6AI score0.00699EPSS
Exploits0
OSV
OSV
added 2020/07/02 3:15 p.m.12 views

CVE-2020-2217

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2020/07/02 3:15 p.m.25 views

CVE-2020-2217

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS0.00699EPSS
Exploits0References2
Prion
Prion
added 2020/07/02 3:15 p.m.10 views

Cross site scripting

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

4.3CVSS6AI score0.00699EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/07/02 2:55 p.m.61 views

CVE-2020-2217

The CVE-2020-2217 issue affects Jenkins Compatibility Action Storage Plugin versions 1.0 and earlier. The root cause is that the plugin does not escape content coming from MongoDB in the testConnection form validation endpoint, leading to a reflected XSS vulnerability. Impact is reflected XSS as ...

6.1CVSS6AI score0.00699EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/02 2:55 p.m.26 views

CVE-2020-2217

Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting XSS vulnerability...

6AI score0.00699EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/07/02 12:0 a.m.4 views

PT-2020-15433 · Jenkins · Jenkins Compatibility Action Storage Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Compatibility Action Storage Plugin versions 1.0 and earlier Description: The issue is related to a reflected cross-site scripting XSS vulnerability. It occurs because the plugin does not escape the content coming from the MongoDB in...

6.1CVSS5.9AI score0.00699EPSS
Exploits0References7
CNVD
CNVD
added 2019/10/15 12:0 a.m.5 views

CloudBees Jenkins Minio Storage Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Minio Storage Plugin is used in one of the...

8.8CVSS6.9AI score0.01773EPSS
Exploits0References1
NVD
NVD
added 2019/04/04 4:29 p.m.10 views

CVE-2019-10285

Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8CVSS8.7AI score0.01773EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.15 views

CVE-2019-10285

Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.7AI score0.01773EPSS
Exploits0References3
CVE
CVE
added 2019/04/04 3:38 p.m.60 views

CVE-2019-10285

Affected software : Jenkins Minio Storage Plugin. Vulnerability : credentials are stored unencrypted in the global configuration file on the Jenkins master, specifically in org.jenkinsci.plugins.minio.MinioUploader.xml. Root cause : lack of encryption for stored credentials in the plugin’s config...

8.8CVSS8.6AI score0.01773EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11687 · Jenkins · Jenkins Minio Storage Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Minio Storage Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...

8.8CVSS8.5AI score0.01773EPSS
Exploits0References5
ALT Linux
ALT Linux
added 2013/04/01 12:0 a.m.71 views

Security fix for the ALT Linux 8 package mariadb version April

April 1, 2013 Michael Shigorin 5.5.30-alt10 - New version - NB: 5.5.29 had important security fixes, including: + A buffer overflow that can cause a server crash or arbitrary code execution a variant of CVE-2012-5611 + CVE-2012-5627 fast password brute-forcing using the "change user" +...

6.5CVSS8.1AI score0.24564EPSS
Exploits7
Rows per page
Query Builder