CVE-2021-21608
- EPSS 1.03%
- Veröffentlicht 13.01.2021 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:48:41
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.
CVE-2021-21609
- EPSS 1.31%
- Veröffentlicht 13.01.2021 16:15:13
- Zuletzt bearbeitet 21.11.2024 05:48:41
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission.
CVE-2020-2251
- EPSS 0.51%
- Veröffentlicht 01.09.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:25:05
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2020-2229
- EPSS 6.77%
- Veröffentlicht 12.08.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:25:01
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
CVE-2020-2230
- EPSS 83.05%
- Veröffentlicht 12.08.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:25:01
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
CVE-2020-2231
- EPSS 5.3%
- Veröffentlicht 12.08.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:25:01
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure p...
CVE-2020-2221
- EPSS 1.08%
- Veröffentlicht 15.07.2020 18:15:37
- Zuletzt bearbeitet 21.11.2024 05:24:59
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2222
- EPSS 1.13%
- Veröffentlicht 15.07.2020 18:15:37
- Zuletzt bearbeitet 21.11.2024 05:25:00
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2223
- EPSS 1.03%
- Veröffentlicht 15.07.2020 18:15:37
- Zuletzt bearbeitet 21.11.2024 05:25:00
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2220
- EPSS 1.02%
- Veröffentlicht 15.07.2020 18:15:36
- Zuletzt bearbeitet 21.11.2024 05:24:59
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.