Oct 25, 2023 · GitHub Plugin 1.37.3.1 escapes GitHub project URL on the build page when showing changes. Exposure of system-scoped credentials in Warnings ...
Sep 20, 2023 · Jenkins 2.424, LTS 2.414.2 excludes sensitive variables from this search. Stored XSS vulnerability. SECURITY-3245 / CVE-2023-43495. Severity ( ...
This throws an exception if the user accessing this URL doesn't have Administer permission. If the administrator configured no security mechanism, the ...
To see the ALL CLASSES link when browsing Javadoc without frames, script-src 'unsafe-inline' must also be added to the CSP header. HTML Publisher Plugin. Make ...
Mar 6, 2024 · Those reports are retained on disk, but may no longer be accessible through the Jenkins UI. Stored XSS vulnerability in HTML Publisher Plugin.
Access Control · Security Realm, which determines users and their passwords, as well as what groups the users belong to. · Authorization Strategy, which ...
Missing: /url | Show results with:/url
Jun 14, 2023 · 3.1 defines the appropriate context for credentials lookup. Stored XSS vulnerability in Maven Repository Server Plugin. SECURITY-3156 / CVE-2023 ...
Jul 12, 2023 · mabl Plugin 0.0.47 defines the appropriate context for credentials lookup. CSRF vulnerability and missing permission checks in mabl Plugin allow ...
Mar 8, 2023 · Custom update site URLs (i.e., not https://updates.jenkins.io/update-center.json ) are configured, and those update sites behave differently.
Dec 13, 2023 · Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint. This allows attackers with ...