Jan 24, 2024 · This advisory announces vulnerabilities in the following Jenkins deliverables: Jenkins (core); Git server Plugin · GitLab Branch Source ...
Using Content-Security-Policy (CSP), injection attacks like cross-site scripting can be prevented. Unfortunately, as of Jenkins 2.372, the Jenkins classic UI is ...
Sep 21, 2022 · This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.
Mar 8, 2023 · This advisory announces vulnerabilities in the following Jenkins deliverables: Jenkins (core); update-center2. Descriptions. XSS vulnerability ...
Feb 15, 2022 · This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Agent Server ...
Jun 14, 2023 · As of publication of this advisory, we are aware of insufficiently escaped context menu URLs for label expressions, allowing attackers with Item ...
Missing: prevention/ | Show results with:prevention/
Sep 6, 2023 · This advisory announces vulnerabilities in the following Jenkins deliverables: Assembla Auth Plugin · AWS CodeCommit Trigger Plugin ...
Jun 30, 2022 · This results in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. TestNG ...
default-src 'none' prohibits loading scripts, URLs for AJAX/XHR/WebSockets/EventSources, fonts, plugin objects, media, and frames from anywhere (images and ...
Missing: xss- | Show results with:xss-
May 16, 2023 · This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. The ...