Jan 24, 2024 · The "Resource Root URL" functionality is enabled (see documentation). Attackers can retrieve binary secrets (see note below). The attacker needs ...
Oct 25, 2023 · 3.1 escapes GitHub project URL on the build page when showing changes. Exposure of system-scoped credentials in Warnings Plugin. SECURITY-3265 / ...
... This throws an exception if the user accessing this URL doesn't have Administer permission.
Sep 20, 2023 · Description: Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and ...
Apr 12, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication.
Sep 6, 2023 · ... URL, when rendering an error message. This results in an HTML injection vulnerability. Since Jenkins 2.275 and LTS 2.263.2, a security ...
Mar 6, 2024 · This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL. Additionally, the plugin ...
Jun 14, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained ...
Customizing Content Security Policy. It is strongly recommended to set up the Resource Root URL instead of customizing Content-Security-Policy. Most of the ...
Dec 13, 2023 · This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.