
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name. • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to promote builds. • http://www.openwall.com/lists/oss-security/2021/04/07/2 • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions. • https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746 • CWE-863: Incorrect Authorization