Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins git parameter vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and previous versions does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2020-2238
Jenkins Git Parameter Plugin 0.9.12 and previous versions does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2022-29040
Jenkins Git Parameter Plugin 0.9.15 and previous versions does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Git Parameter
5.4
CVSSv3
CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and previous versions does not escape the name of the 'List Git branches (and more)' parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins List Git Branches Parameter
6.5
CVSSv3
CVE-2022-1705
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Golang Go
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started