CVE-2012-4441
https://notcve.org/view.php?id=CVE-2012-4441
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin CI game. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://security-tracker.debian.org/tracker/CVE-2012-4441 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4440
https://notcve.org/view.php?id=CVE-2012-4440
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario en el plugin Violations. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://security-tracker.debian.org/tracker/CVE-2012-4440 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4439
https://notcve.org/view.php?id=CVE-2012-4439
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de una URL diseñada que apunta a Jenkins. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4439 https://security-tracker.debian.org/tracker/CVE-2012-4439 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4438
https://notcve.org/view.php?id=CVE-2012-4438
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. Jenkins main versiones anteriores a 1.482 y LTS versiones anteriores a 1.466.2, permite a atacantes remotos con acceso de lectura y acceso HTTP al maestro Jenkins insertar datos y ejecutar código arbitrario. • http://www.openwall.com/lists/oss-security/2012/09/21/2 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4438 https://security-tracker.debian.org/tracker/CVE-2012-4438 https://www.cloudbees.com/jenkins-security-advisory-2012-09-17 • CWE-20: Improper Input Validation •
CVE-2019-10405
https://notcve.org/view.php?id=CVE-2019-10405
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. Jenkins versiones 2.196 y anteriores, versiones LTS 2.176.3 y anteriores, imprimieron el valor del encabezado de petición HTTP "Cookie" en /whoAmI/URL, permitiendo a atacantes que explotan otra vulnerabilidad de tipo XSS obtener la cookie de sesión HTTP a pesar de estar marcada como HttpOnly. • http://www.openwall.com/lists/oss-security/2019/09/25/3 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •