CVE-2023-50764
- EPSS 0.07%
- Published 13.12.2023 18:15:43
- Last modified 21.11.2024 08:37:16
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
CVE-2023-50765
- EPSS 0.07%
- Published 13.12.2023 18:15:43
- Last modified 21.11.2024 08:37:16
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
CVE-2021-21700
- EPSS 16.39%
- Published 12.11.2021 11:15:08
- Last modified 21.11.2024 05:48:51
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Script...
CVE-2021-21667
- EPSS 1.26%
- Published 16.06.2021 14:15:08
- Last modified 21.11.2024 05:48:47
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21668
- EPSS 1.26%
- Published 16.06.2021 14:15:08
- Last modified 21.11.2024 05:48:47
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.