Page 12 of 236 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, comprueban inapropiadamente el formato de una identificación de huella digital proporcionada al comprobar su existencia, permitiendo a un atacante comprobar la existencia de archivos XML con una ruta corta. • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2023 https://access.redhat.com/security/cve/CVE-2021-21606 https://bugzilla.redhat.com/show_bug.cgi?id=1925159 • CWE-20: Improper Input Validation •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instantiation of potentially unsafe objects once discarded by an administrator. Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, permite a atacantes con permiso para crear o configurar varios objetos para inyectar contenido diseñado en Old Data Monitor que resulta en la instanciación de objetos potencialmente no seguros una vez que son descartados por un administrador. A flaw was found in jenkins. An attacker with permission to create or configure various objects to inject crafted content into Old Data Monitor can cause the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1923 https://access.redhat.com/security/cve/CVE-2021-21604 https://bugzilla.redhat.com/show_bug.cgi?id=1925157 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, no escapan el contenido de respuesta de la barra de notificaciones, resultando en una vulnerabilidad de tipo cross-site scripting (XSS). A flaw was found in jenkins. A cross-site scripting (XSS) vulnerability is possible due to the contents of the notification bar responses not being properly escaped. The highest threat from this vulnerability is to data confidentiality and integrity. • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1889 https://access.redhat.com/security/cve/CVE-2021-21603 https://bugzilla.redhat.com/show_bug.cgi?id=1925160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. Jenkins versiones 2.274 y anteriores, LTS versiones 2.263.1 y anteriores, permite leer archivos arbitrarios usando el explorador de archivos para espacios de trabajo y artefactos archivados al seguir enlaces simbólicos. • https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452 https://access.redhat.com/security/cve/CVE-2021-21602 https://bugzilla.redhat.com/show_bug.cgi?id=1925161 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. Jenkins SoapUI Pro Functional Testing Plugin versiones 1.5 y anteriores, transmite contraseñas del proyecto dentro de su configuración en texto plano como parte de los formularios de configuración del trabajo, resultando potencialmente en su exposición • http://www.openwall.com/lists/oss-security/2020/09/01/3 https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29 • CWE-319: Cleartext Transmission of Sensitive Information •