CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jan 2024 — Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. • http://www.openwall.com/lists/oss-security/2024/01/24/6 • CWE-23: Relative Path Traversal

CVSS: 5.4 • EPSS: 61% • CPEs: 2 • EXPL: 0

12 Jan 2022 — Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. • http://www.openwall.com/lists/oss-security/2022/01/12/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jul 2020 — Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. A flaw was found in the Matrix Proj... • http://www.openwall.com/lists/oss-security/2020/07/15/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jul 2020 — Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. A flaw was found i... • http://www.openwall.com/lists/oss-security/2020/07/15/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.9 • EPSS: 2% • CPEs: 2 • EXPL: 0

08 Mar 2019 — A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/107476 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')