CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. • https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. • http://www.openwall.com/lists/oss-security/2020/06/03/3 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582 • CWE-276: Incorrect Default Permissions

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. • http://www.openwall.com/lists/oss-security/2020/06/03/3 https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582 • CWE-522: Insufficiently Protected Credentials

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates. • http://www.openwall.com/lists/oss-security/2019/09/25/3 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin. • http://www.openwall.com/lists/oss-security/2019/09/25/3 https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor