The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to a CSRF vulnerability. A flaw is present in the application, which fails to properly handle an issue in ZipExtractionInstaller.java. Successful exploitation could allow attackers to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful or ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to a CSRF vulnerability. A flaw is present in the application, which fails to properly handle an issue in ZipExtractionInstaller.java. Successful exploitation could allow attackers to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful or ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an path traversal vulnerability. A flaw is present in the application, which fails to properly handle an issue in FilePath.java and SoloFilePathFilter.java. Successful exploitation could allow attackers to read and write arbitrary files on the Jenkins master, bypassing the agent-to-maste ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to a path traversal vulnerability. A flaw is present in the application, which fails to properly handle an issue in FilePath.java and SoloFilePathFilter.java. Successful exploitation could allow attackers to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master ...
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an improper neutralization of control sequences vulnerability. A flaw is present in the application, which fails to properly handle an issue in neutralization of control sequences. Successful exploitation could allow attackers to cause unauthorized modifications.
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in neutralization of control sequences. Successful exploitation could allow attackers to cause unauthorized modifications.
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an issue in AboutJenkins.java. Successful exploitation could allow attackers to enumerate all installed plugins.
The host is installed with Jenkins LTS through 2.107.2 or Jenkins rolling release through 2.120 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an issue in AboutJenkins.java. Successful exploitation could allow attackers to enumerate all installed plugins.
The host is installed with Jenkins LTS through 2.107.1 or Jenkins rolling release through 2.115 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in onfirmationList.jelly and stopButton.jelly. Successful exploitation could allow attackers with job/configure and/or job/create permission to create an item name containi ...
The host is installed with Jenkins LTS through 2.107.1 or Jenkins rolling release through 2.115 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in confirmationList.jelly and stopButton.jelly. Successful exploitation could allow attackers with job/configure and/or job/create permission to create an item name contain ...