Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34185 | 1 Jenkins | 1 Date Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34186 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34187 | 1 Jenkins | 1 Filesystem List Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30966 | 1 Jenkins | 1 Random String Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30965 | 1 Jenkins | 1 Promoted Builds | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30964 | 1 Jenkins | 1 Multiselect Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape the name and description of Multiselect parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30963 | 1 Jenkins | 1 Jdk Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name and description of JDK parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34170 | 1 Jenkins | 1 Jenkins | 2023-11-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2022-30970 | 1 Jenkins | 1 Autocomplete Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropdown Autocomplete parameter and Auto Complete String parameter names in an unsafe manner from Javascript embedded in view definitions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30968 | 1 Jenkins | 1 Vboxwrapper | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name and description of VBox node parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-30967 | 1 Jenkins | 1 Selection Tasks | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Selection tasks Plugin 1.0 and earlier does not escape the name and description of Script Selection task variable parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34176 | 1 Jenkins | 1 Junit | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | |||||
| CVE-2022-34173 | 1 Jenkins | 1 Jenkins | 2023-11-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2022-34172 | 1 Jenkins | 1 Jenkins | 2023-11-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34171 | 1 Jenkins | 1 Jenkins | 2023-11-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34184 | 1 Jenkins | 1 Crx Content Package Deployer | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34183 | 1 Jenkins | 1 Agent Server Parameter | 2023-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
| CVE-2022-34182 | 1 Jenkins | 1 Nested View | 2023-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2022-34178 | 1 Jenkins | 1 Embeddable Build Status | 2023-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-21697 | 1 Jenkins | 1 Jenkins | 2023-11-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | |||||