CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34789
https://notcve.org/view.php?id=CVE-2022-34789
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Matrix Reloaded Plugin versiones 1.1.3 y anteriores, permite a atacantes reconstruir construcciones de matrices anteriores • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2016 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34788
https://notcve.org/view.php?id=CVE-2022-34788
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Jenkins Matrix Reloaded Plugin versiones 1.1.3 y anteriores, no escapan el nombre del agente en las descripciones de herramientas, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso de Agent/Configure • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •