CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-34204

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:05 | 阅读：62 | 回复：0
CVE-2022-34205

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:05 | 阅读：67 | 回复：0
CVE-2022-34206

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:05 | 阅读：77 | 回复：0
CVE-2022-34207

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:05 | 阅读：131 | 回复：0
CVE-2022-34193

Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability e ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：59 | 回复：0
CVE-2022-34194

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：61 | 回复：0
CVE-2022-34195

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：56 | 回复：0
CVE-2022-34196

Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) v ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：60 | 回复：0
CVE-2022-34197

Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (X ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：54 | 回复：0
CVE-2022-34198

Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting ( ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：58 | 回复：0
CVE-2022-34199

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：64 | 回复：0
CVE-2022-34200

A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:04 | 阅读：53 | 回复：0
CVE-2022-34186

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cr ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：68 | 回复：0
CVE-2022-34187

Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-s ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：76 | 回复：0
CVE-2022-34188

Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XS ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：70 | 回复：0
CVE-2022-34189

Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vu ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：62 | 回复：0
CVE-2022-34190

Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：58 | 回复：0
CVE-2022-34191

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site script ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：67 | 回复：0
CVE-2022-34192

Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying par ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:03 | 阅读：65 | 回复：0
CVE-2022-34179

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting i ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：68 | 回复：0
CVE-2022-34180

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for unprotected status badge access, allowing attac ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：72 | 回复：0
CVE-2022-34181

Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：69 | 回复：0
CVE-2022-34182

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：57 | 回复：0
CVE-2022-34183

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XS ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：58 | 回复：0
CVE-2022-34184

Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cros ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：61 | 回复：0
CVE-2022-34185

Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:02 | 阅读：75 | 回复：0
CVE-2022-34171

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：52 | 回复：0
CVE-2022-34172

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：51 | 回复：0
CVE-2022-34173

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：49 | 回复：0
CVE-2022-34174

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：52 | 回复：0
CVE-2022-34175

Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：51 | 回复：0
CVE-2022-34176

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Up ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：48 | 回复：0
CVE-2022-34177

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the par ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：54 | 回复：0
CVE-2022-34178

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cro ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:01 | 阅读：53 | 回复：0
CVE-2022-33124

** DISPUTED ** AIOHTTP 3.8.1 can report a ValueError: Invalid IPv6 URL outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:00 | 阅读：46 | 回复：0
CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a c ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:00 | 阅读：51 | 回复：0
CVE-2022-34011

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:00 | 阅读：42 | 回复：0
CVE-2022-34012

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:00 | 阅读：47 | 回复：0
CVE-2022-34013

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.……

作者：菜鸟教程小白 | 时间：2022-7-7 08:00 | 阅读：46 | 回复：0
CVE-2022-34170

In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 08:00 | 阅读：44 | 回复：0