PT-2022-22066 · Jenkins · Jenkins Sauce Ondemand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sauce OnDemand Plugin versions 1.204 and earlier
Description: The issue results in a stored cross-site scripting (XSS) vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin doe...
PT-2022-22064 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier
Description: The issue is a stored cross-site scripting (XSS) vulnerability that occurs because the Jenkins Repository Connector Plugin does not escape the name and description of...
CVE-2017-2604
In Jenkins before versions 2.44 and 2.32.2, low-privilege users were able to act on administrative monitors because these were not consistently protected by permission checks (SECURITY-371)...
CVE-2017-2599
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permission to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321)...