Produkt Global-build-stats (...) - CVEMAP.ORG

Podatności dla 'Global-build-stats'

2022-03-15

CVE-2022-27207

CWE-79

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

2018-01-25

CVE-2017-1000389

CWE-79

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.

>>> Vendor: Jenkins 480 Produkty

Image gallery plugin

Extra columns plugin

Script security

Github branch source

Config file provider

Owasp dependency-check

Pipeline-input-step

Deploy to container

Static analysis utilities

Periodic backup

Role-based authorization strategy

Parameterized trigger

Favorite plugin

Translation assistance

Pipeline nodes and processes

Delivery pipeline

Build-publisher

Dependency graph viewer

Global-build-stats

Credentials binding

Pipeline supporting apis

Google-play-android-publisher

Promoted builds

Job and node ownership

Cucumber living documentation

Github pull request builder

Reverse proxy auth

Liquibase runner

Email extension

Black duck detect

Groovy postbuild

Ssh credentials

Openstack cloud

Fortify cloudscan

Configuration as code

Aws codepipeline

Active directory

Distributed fork

Pipeline classpath step

Meliora testlab

Tinfoil security

Tracetronic ecu-test

Inedo buildmaster

Maven artifact choicelistprovider (nexus)

Zobacz wszystkie produkty dla producenta Jenkins

Copyright 2024, cxsecurity.com