
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.

• https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2643
• CWE-863: Incorrect Authorization

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.

• https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1118
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 97% | CPEs: 1 | EXPL: 2

A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. Jenkins Build-Metrics plugin version 1.3 suffers from a cross-site scripting vulnerability.

• https://www.exploit-db.com/exploits/47598
• https://github.com/vesche/CVE-2019-10475
• http://packetstormsecurity.com/files/155200/Jenkins-Build-Metrics-1.3-Cross-Site-Scripting.html
• http://www.openwall.com/lists/oss-security/2019/10/23/2
• https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')