
CVE-2022-27212
https://notcve.org/view.php?id=CVE-2022-27212
15 Mar 2022 — Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • http://www.openwall.com/lists/oss-security/2022/03/15/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-21684 – jenkins-2-plugins/git: stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2021-21684
06 Oct 2021 — Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. • http://www.openwall.com/lists/oss-security/2021/10/06/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-116: Improper Encoding or Escaping of Output

CVE-2020-2238
https://notcve.org/view.php?id=CVE-2020-2238
01 Sep 2020 — Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. • http://www.openwall.com/lists/oss-security/2020/09/01/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-2136 – jenkins-git-plugin: stored cross-site scripting
https://notcve.org/view.php?id=CVE-2020-2136
09 Mar 2020 — Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes... • http://www.openwall.com/lists/oss-security/2020/03/09/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-2112
https://notcve.org/view.php?id=CVE-2020-2112
12 Feb 2020 — Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-2113
https://notcve.org/view.php?id=CVE-2020-2113
12 Feb 2020 — Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. • http://www.openwall.com/lists/oss-security/2020/02/12/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-10414
https://notcve.org/view.php?id=CVE-2019-10414
25 Sep 2019 — Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. • http://www.openwall.com/lists/oss-security/2019/09/25/3 • CWE-522: Insufficiently Protected Credentials

CVE-2019-10392 – jenkins-git-client-plugin: OS command injection via 'git ls-remote'
https://notcve.org/view.php?id=CVE-2019-10392
12 Sep 2019 — Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. Red Hat OpenShift Container Platform is Red Hat's cloud computing K... • https://github.com/jas502n/CVE-2019-10392 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1003010
https://notcve.org/view.php?id=CVE-2019-1003010
06 Feb 2019 — A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. • https://access.redhat.com/errata/RHBA-2019:0326 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-1000426
https://notcve.org/view.php?id=CVE-2018-1000426
09 Jan 2019 — A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. • http://www.securityfocus.com/bid/106532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')