3 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. Jenkins Generic Webhook Trigger Plugin versiones 1.84.1 y anteriores, usa una función de comparación de tiempo no constante cuando comprueba si el token de webhook proporcionado y el esperado son iguales, permitiendo potencialmente a atacantes usar métodos estadísticos para obtener un token de webhook válido • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874 • CWE-203: Observable Discrepancy •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Generic Webhook Trigger Plugin versiones 1.81 y anteriores, no escapa a la causa de la construcción cuando es usado el webhook, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenada explotable por atacantes con permiso de Item/Configure • http://www.openwall.com/lists/oss-security/2022/02/15/2 https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. El Jenkins Generic Webhook Trigger Plugin versión 1.72 y anteriores, no configura su analizador XML para prevenir ataques de tipo XML external entity (XXE) • http://www.openwall.com/lists/oss-security/2021/06/18/1 https://www.jenkins.io/security/advisory/2021-06-18/#SECURITY-2330 •