3 matches found
CVE-2022-25185
The CVE-2022-25185 entry relates to the Jenkins Generic Webhook Trigger Plugin (versions ≤ 1.81). Root cause: the plugin does not escape the build cause when using the webhook, enabling a stored XSS vulnerability. Impact: attacker with Item/Configure permission can exploit via the webhook to inje...
CVE-2022-43412
CVE-2022-43412 affects Jenkins Generic Webhook Trigger Plugin (versions 1.84.1 and earlier). The vulnerability stems from a non-constant time comparison when validating the provided webhook token against the expected token, which could enable attackers to infer a valid token via statistical metho...
CVE-2021-21669
CVE-2021-21669 affects the Jenkins Generic Webhook Trigger Plugin (versions 1.72 and earlier). The root cause is an XML parser that does not disable external entity resolution, enabling XML External Entity (XXE) attacks. Exploitation could allow a crafted webhook payload to cause leakage of file ...