Jan 24, 2024 · Exploitation requires that all of the following conditions are met: The "Resource Root URL" functionality is enabled (see documentation). Attackers can retrieve ...

Jul 12, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another ...

Sep 20, 2023 · Temporary plugin file created with insecure permissions ... Description: Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins ...

Oct 25, 2023 · ... URL on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of ...

Dec 13, 2023 · This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin ...

Jun 14, 2023 · This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another ...

Mar 6, 2024 · This allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL. Additionally, the plugin reconfigures itself ...

Sep 6, 2023 · Description: AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error ...

Jul 26, 2023 · This allows attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through ...