4 results (0.010 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. El plugin Jenkins CVS versiones 2.19 y anteriores, no escapa del nombre y la descripción de los parámetros CVS Symbolic Name en las visualizaciones que muestran parámetros, resultando en una vulnerabilidad de scripting cruzado (XSS) almacenada que puede ser explotada por atacantes con permiso Item/Configure • https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Jenkins CVS Plugin versiones 2.16 y anteriores, no configuran su analizador XML para impedir ataques de tipo XML external entity (XXE) • http://www.openwall.com/lists/oss-security/2020/12/03/2 https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2146 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.5EPSS: 10%CPEs: 15EXPL: 2

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." CVS 1.12.x, cuando se configura para que use SSH para repositorios remotos, podría permitir que atacantes remotos ejecuten código arbitrario mediante una URL de repositorio con un nombre de host manipulado, tal y como demuestra "-oProxyCommand=id;localhost:/bar. • http://lists.nongnu.org/archive/html/bug-cvs/2017-08/msg00000.html http://www.debian.org/security/2017/dsa-3940 http://www.openwall.com/lists/oss-security/2017/08/11/1 http://www.openwall.com/lists/oss-security/2017/08/11/4 http://www.securityfocus.com/bid/100279 http://www.ubuntu.com/usn/USN-3399-1 https://bugzilla.redhat.com/show_bug.cgi?id=1480800 https://security.gentoo.org/glsa/201709-17 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc http://secunia.com/advisories/16765 http://securitytracker.com/id?1014857 http://www.debian.org/security/2005/dsa-802 http://www.debian.org/security/2005/dsa-806 http://www.redhat.com/support/errata/RHSA-2005-756.html http://www.vupen.com/english/advisories/2005/1667 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m •