
CVE-2022-34192
https://notcve.org/view.php?id=CVE-2022-34192
22 Jun 2022 — Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-10306
https://notcve.org/view.php?id=CVE-2019-10306
18 Apr 2019 — A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. • http://www.securityfocus.com/bid/108045