Jenkins

Icescrum

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.46%
  • Published 06.03.2024 17:15:11
  • Last modified 07.05.2025 14:23:45

Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.

  • EPSS 0.25%
  • Published 16.10.2019 14:15:12
  • Last modified 21.11.2024 04:19:08

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.

  • EPSS 0.03%
  • Published 16.10.2019 14:15:12
  • Last modified 21.11.2024 04:19:08

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

  • EPSS 0.12%
  • Published 16.10.2019 14:15:12
  • Last modified 21.11.2024 04:19:09

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.