Oct 25, 2023 · GitHub Plugin 1.37.3.1 escapes GitHub project URL on the build page when showing changes. Exposure of system-scoped credentials in Warnings ...

Sep 20, 2023 · Jenkins 2.424, LTS 2.414.2 excludes sensitive variables from this search. Stored XSS vulnerability. SECURITY-3245 / CVE-2023-43495. Severity ( ...

Mar 6, 2024 · Those reports are retained on disk, but may no longer be accessible through the Jenkins UI. Stored XSS vulnerability in HTML Publisher Plugin.

Jun 14, 2023 · 3.1 defines the appropriate context for credentials lookup. Stored XSS vulnerability in Maven Repository Server Plugin. SECURITY-3156 / CVE-2023 ...

Aug 16, 2023 · Blue Ocean Plugin 1.27.5.1 uses the configured SCM URL, instead of a user-specified URL provided as a parameter to the HTTP endpoint. CSRF ...

Apr 12, 2023 · Lucene-Search Plugin; NeuVector Vulnerability Scanner Plugin; Quay.io trigger Plugin; Report Portal Plugin; Thycotic DevOps Secrets Vault Plugin ...

Mar 8, 2023 · Custom update site URLs (i.e., not https://updates.jenkins.io/update-center.json ) are configured, and those update sites behave differently.

Jul 12, 2023 · mabl Plugin 0.0.47 defines the appropriate context for credentials lookup. CSRF vulnerability and missing permission checks in mabl Plugin allow ...

To see the ALL CLASSES link when browsing Javadoc without frames, script-src 'unsafe-inline' must also be added to the CSP header. HTML Publisher Plugin. Make ...

Dec 13, 2023 · Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint. This allows attackers with ...