Jan 24, 2024 · The "Resource Root URL" functionality is enabled (see documentation). Attackers can retrieve binary secrets (see note below). The attacker needs ...
Oct 25, 2023 · 3.1 escapes GitHub project URL on the build page when showing changes. Exposure of system-scoped credentials in Warnings Plugin. SECURITY-3265 / ...
Sep 20, 2023 · Description: Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and ...
Web methods that lack permission checks or CSRF protection, and cause Jenkins to access a URL, that is not controlled by an attacker, without disclosing ...
Apr 12, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.
Mar 8, 2023 · A custom download page template must be used ( --index-template-url argument), and the template used must not prevent JavaScript execution ...
Apr 27, 2022 · I'm part of a security team in my organisation. ... April 27, 2022, 5:10pm 3. curl -qLs https://updates.jenkins.io ... url": "https://jenkins.io/ ...
Mar 6, 2024 · This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL. Additionally, the plugin ...
Jun 14, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained ...
Jul 12, 2023 · This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after ...