Web methods that lack permission checks or CSRF protection, and cause Jenkins to access a URL, that is not controlled by an attacker, without disclosing ...
Jan 24, 2024 · The "Resource Root URL" functionality is enabled (see documentation). Attackers can retrieve binary secrets (see note below). The attacker needs ...
Sep 6, 2023 · ... URL, when rendering an error message. This results in an HTML injection vulnerability. Since Jenkins 2.275 and LTS 2.263.2, a security ...
Apr 12, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.
Oct 25, 2023 · ... URL on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission ...
Sep 20, 2023 · Description: Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and ...
Apr 27, 2022 · ... report out to them if a plugin ... April 27, 2022, 5:10pm 3. curl -qLs https://updates.jenkins.io ... url": "https://jenkins.io/security/advisory ...
... This throws an exception if the user accessing this URL doesn't have Administer permission.
... jenkins.io ... You can use the search in the issue tracker, or use web search. ... Every Jenkins installation has the /systemInfo URL with information about Jenkins ...
Mar 6, 2024 · This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL. Additionally, the plugin ...