
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
• http://www.openwall.com/lists/oss-security/2023/12/13/4
• https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3206
• CWE-862: Missing Authorization

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
• http://www.openwall.com/lists/oss-security/2023/12/13/4
• https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3205

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
• http://www.openwall.com/lists/oss-security/2021/11/12/1
• https://www.jenkins.io/security/advisory/2021-11-12/#SECURITY-2406
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
• http://www.openwall.com/lists/oss-security/2021/06/16/3
• https://www.jenkins.io/security/advisory/2021-06-16/#SECURITY-2390
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
• http://www.openwall.com/lists/oss-security/2021/06/16/3
• https://www.jenkins.io/security/advisory/2021-06-16/#SECURITY-2224
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')