Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins scriptler vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and previous versions does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
Jenkins Scriptler
NA
CVE-2023-50765
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and previous versions allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
Jenkins Scriptler
312
VMScore
CVE-2021-21700
Jenkins Scriptler Plugin 3.3 and previous versions does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.
Jenkins Scriptler
312
VMScore
CVE-2021-21667
Jenkins Scriptler Plugin 3.2 and previous versions does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
Jenkins Scriptler
312
VMScore
CVE-2021-21668
Jenkins Scriptler Plugin 3.1 and previous versions does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
Jenkins Scriptler
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started