Jenkins Matrix Authorization Strategy Plugin: Unsafe deserialization allows invocation of parameterless constructors
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated. This can be abused by attackers with...
CVE-2026-42521
The vulnerability CVE-2026-42521 affects Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (inclusive). The issue arises during deserialization of inheritance strategies, where parameterless constructors of classes specified in configuration are invoked without restricting whi...
Permission Bypass
Jenkins Folder-based Authorization Strategy Plugin is vulnerable to Permission Bypass. The vulnerability is due to the plugin not verifying that permissions configured to be granted are enabled, where users formerly granted optional permissions can access functionality they're no longer entitled...
EUVD-2013-1033
Malware in sbrugna...
EUVD-2013-1034
Malware in sbrugna...
CVE-2013-10025
A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...
CVE-2013-10024
A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...
Cross-site request forgery (CSRF)
A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...
Information disclosure
A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...
CVE-2013-10025
CVE-2013-10025 refers to a CSRF vulnerability in the Exit Strategy Plugin for WordPress, specifically the function exitpageadmin in exitpage.php. The issue affects version 1.55 and is exploitable remotely. Upgrading to version 1.59 removes the vulnerability; the patch is identified as d964b8e961...
CVE-2013-10025 Exit Strategy Plugin exitpage.php exitpageadmin cross-site request forgery
A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...
CVE-2013-10024 Exit Strategy Plugin exitpage.php information disclosure
A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...
CVE-2013-10024
CVE-2013-10024 affects the Exit Strategy Plugin for WordPress (versions 1.55–1.58; addressed in 1.59). The vulnerability, triggered in exitpage.php, enables information disclosure via a remotely exploitable condition. A patch is available (patch ID d964b8e961b2634158719f3328f16eda16ce93ac), upgra...
PT-2023-10014 · Unknown · Exit Strategy Plugin
Name of the Vulnerable Software and Affected Versions: Exit Strategy Plugin versions 1.55 through 1.58 Description: A vulnerability was found in the Exit Strategy Plugin and classified as problematic. The issue affects the exitpageadmin function of the file exitpage.php. This manipulation leads t...
PT-2023-10013 · Unknown · Exit Strategy Plugin
Name of the Vulnerable Software and Affected Versions: Exit Strategy Plugin versions 1.55 through 1.58 Description: A vulnerability has been found in the Exit Strategy Plugin, affecting an unknown functionality of the file exitpage.php. This issue leads to information disclosure and can be...
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. In Role-based Authorization Strategy Plugin 3.0 and earlier, this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being...
GHSA-VR6V-WJFW-RXCR Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the permission table. This results in a stored cross-site scripting (XSS) vulnerability. When using project-based matrix authorization, this vulnerability can be exploited by a user with Job/Configure or...