CVE-2024-23900
- EPSS 0.06%
- Published 24.01.2024 18:15:09
- Last modified 16.06.2025 20:15:26
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins control...
CVE-2022-20615
- EPSS 43.56%
- Published 12.01.2022 20:15:08
- Last modified 21.11.2024 06:43:09
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permissio...
CVE-2020-2224
- EPSS 0.3%
- Published 15.07.2020 18:15:37
- Last modified 21.11.2024 05:25:00
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2225
- EPSS 0.31%
- Published 15.07.2020 18:15:37
- Last modified 21.11.2024 05:25:00
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
CVE-2019-1003031
- EPSS 12.39%
- Published 08.03.2019 21:29:00
- Last modified 21.11.2024 04:17:46
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.