CVE-2023-50764
- EPSS 0.07%
- Veröffentlicht 13.12.2023 18:15:43
- Zuletzt bearbeitet 21.11.2024 08:37:16
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
CVE-2023-50765
- EPSS 0.07%
- Veröffentlicht 13.12.2023 18:15:43
- Zuletzt bearbeitet 21.11.2024 08:37:16
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
CVE-2021-21700
- EPSS 16.39%
- Veröffentlicht 12.11.2021 11:15:08
- Zuletzt bearbeitet 21.11.2024 05:48:51
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Script...
CVE-2021-21667
- EPSS 1.26%
- Veröffentlicht 16.06.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:48:47
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21668
- EPSS 1.26%
- Veröffentlicht 16.06.2021 14:15:08
- Zuletzt bearbeitet 21.11.2024 05:48:47
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.