Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary file.Īn issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed
0 kommentar(er)
