TechMedia

Archive

Month: May 2022

376 Posts

Featured

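Posted by Wpmaster
The Reality of Wiper Attacks and Digital Information Manipulation as Seen in the Ukraine War
Posted by Wpmaster
"Ace Combat" and "Top Gun: Maverick" in a dream collaboration! Maverick-skin "F-14A Tomcat" and "F/A-18E Super Hornet" arrive!
Posted by Wpmaster
Yukihiro Takahashi marks 50 years of solo activity! Details announced for the live recordings included in "T.E.N.T Years Vinyl Box"!
Posted by Wpmaster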
[camaleon_cms] Camaleon CMS Stored Cross-site Scripting vulnerability

[org.jenkins-ci.plugins:custom-job-icon] Stored XSS vulnerability in Custom Job Icon Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
References

https://nvd.nist.gov/vul…

[org.jenkins-ci.plugins:covcomplplot] Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s p…

[org.jvnet.hudson.plugins:locked-files-report] Stored XSS vulnerability in Locked Files Report Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files’ names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
References

https://nvd.nist.gov/…

[org.jvnet.hudson.plugins:clearcase-release] Stored XSS vulnerability in ClearCase Release Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
References

https://nvd.nis…

[org.jenkins-ci.plugins:chosen-views-tabbar] Stored XSS vulnerability in chosen-views-tabbar Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.
References

http…

[org.jenkins-ci.plugins:mongodb] CSRF vulnerability in MongoDB Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2268
ht…

[org.jenkins-ci.plugins:mongodb] Missing permission checks in MongoDB Plugin

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2…

[org.jenkins-ci.plugins:description-column-plugin] Stored XSS vulnerability in Description Column Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
References

https://nvd….

[org.jenkins-ci.plugins:radiatorviewplugin] Stored XSS vulnerability in Radiator View Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
References

https://nvd.nist.gov…

[jenkins.ci.plugins.computerqueue:computer-queue-plugin] Stored XSS vulnerability in computer-queue-plugin Plugin

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/25/2022, 12/29/2022

computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
computer-queue-plugin Plugin 1.6 escape…
