Jenkins

Jenkins

268 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.03%
  • Veröffentlicht 13.01.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:48:41

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.

  • EPSS 1.31%
  • Veröffentlicht 13.01.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 05:48:41

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.

  • EPSS 0.51%
  • Veröffentlicht 01.09.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:25:05

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.

Exploit
  • EPSS 6.77%
  • Veröffentlicht 12.08.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:25:01

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.

Exploit
  • EPSS 83.05%
  • Veröffentlicht 12.08.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:25:01

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.

Exploit
  • EPSS 5.3%
  • Veröffentlicht 12.08.2020 14:15:13
  • Zuletzt bearbeitet 21.11.2024 05:25:01

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure p...

  • EPSS 1.08%
  • Veröffentlicht 15.07.2020 18:15:37
  • Zuletzt bearbeitet 21.11.2024 05:24:59

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.

  • EPSS 1.13%
  • Veröffentlicht 15.07.2020 18:15:37
  • Zuletzt bearbeitet 21.11.2024 05:25:00

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.

  • EPSS 1.03%
  • Veröffentlicht 15.07.2020 18:15:37
  • Zuletzt bearbeitet 21.11.2024 05:25:00

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

  • EPSS 1.02%
  • Veröffentlicht 15.07.2020 18:15:36
  • Zuletzt bearbeitet 21.11.2024 05:24:59

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.