CVE-2022-34789
https://notcve.org/view.php?id=CVE-2022-34789
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2016 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-34788
https://notcve.org/view.php?id=CVE-2022-34788
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34787
https://notcve.org/view.php?id=CVE-2022-34787
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34786
https://notcve.org/view.php?id=CVE-2022-34786
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34785
https://notcve.org/view.php?id=CVE-2022-34785
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2643 • CWE-863: Incorrect Authorization