Mar 8, 2023 · A custom download page template must be used (--index-template-url argument), and the template used must not prevent JavaScript execution ...
Dec 13, 2023 · This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
May 16, 2023 · ... URL and parse the response as XML, or parse a local file on the Jenkins controller as XML. As the plugin does not configure its XML parser ...
Jan 24, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained ...
Mar 21, 2023 · Pipeline Aggregator View Plugin 1.14 obtains the current URL in a way not susceptible to XSS. CSRF vulnerability in OctoPerf Load Testing Plugin ...
Web methods that lack permission checks or CSRF protection, and cause Jenkins to access a URL, that is not controlled by an attacker, without disclosing ...
Jun 22, 2022 · ... URL. Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.
Jan 12, 2022 · ... URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Bitbucket Branch ...
Feb 15, 2022 · This allows attackers with Overall/Read permission to have Jenkins send an HTTP request to an attacker-controlled URL and have it parse the ...
Jun 30, 2022 · This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. As ...