jenkins: Excessive memory allocation in graph URLs leads to denial of service

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory in Jenkins, potentially leading to out of memory errors...

Cloudbees Jenkins and LTS Cross-Site Scripting Vulnerability (CNVD-2021-04646)

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . A cross-site scripting...

Cloudbees Jenkins and LTS Authorization Issues Vulnerability (CNVD-2021-04651)

Cloudbees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...

PT-2021-14651 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier Jenkins LTS versions 2.263.1 and earlier Description: The issue results from the failure to escape button labels in the Jenkins UI, leading to a cross-site scripting XSS vulnerability. This vulnerability can...

Cloudbees Jenkins 授权问题漏洞

Cloudbees Jenkins Hudson Labs is the United States CloudBees Cloudbees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . An authorization issue vulnerabilit...