NotCVE - vendor:"Jenkins" product:"Jenkins" version:" >= 2.332.1 <= 2.332.3"

Page 3 of 23 results (0.004 seconds)

CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 0

CVE-2022-34171

https://notcve.org/view.php?id=CVE-2022-34171

22 Jun 2022 — In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. En Jenkins versiones 2.321 hasta 2.355 (ambas incluyéndolas) y LTS 2.332.1 hasta LTS 2.332.3 (ambas incluyéndolas) la salida HTML generada para nuevo... • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 0

CVE-2022-34170

https://notcve.org/view.php?id=CVE-2022-34170

22 Jun 2022 — In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. En Jenkins versiones 2.320 hasta 2.355 (ambas incluyéndolas) y LTS versiones 2.332.1 hasta LTS 2.332.3 (ambas incluyéndolas), el icono de ayuda no escapa el nombre de la caract... • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0

CVE-2022-0538

https://notcve.org/view.php?id=CVE-2022-0538

09 Feb 2022 — Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. Jenkins versiones 2.333 y anteriores, LTS versiones 2.319.2 y anteriores, define convertidores XStream personalizados que no han sido actualizados para aplicar las protecciones para la vulnerabilidad CVE-2021-43859 y permiten el uso de recursos sin restricciones • http://www.openwall.com/lists/oss-security/2022/02/09/1 • CWE-502: Deserialization of Untrusted Data •

1 2 3