Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for promoted_builds by jenkins

    CVE-2022-30965 (GCVE-0-2022-30965)

    Vulnerability from nvd – Published: 2022-05-17 14:06 – Updated: 2024-08-03 07:03
    VLAI
    Summary
    Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Promoted Builds (Simple) Plugin Affected: unspecified , ≤ 1.9 (custom)
    Unknown: next of 1.9 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:39.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Promoted Builds (Simple) Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:22:02.927Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-30965",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Promoted Builds (Simple) Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.9"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-30965",
        "datePublished": "2022-05-17T14:06:45.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:03:39.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29049 (GCVE-0-2022-29049)

    Vulnerability from nvd – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
    VLAI
    Summary
    Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins promoted builds Plugin Unaffected: 3.10.1
    Affected: unspecified , ≤ 873.v6149db_d64130 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:58.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins promoted builds Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.10.1"
                },
                {
                  "lessThanOrEqual": "873.v6149db_d64130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:21:34.425Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-29049",
        "datePublished": "2022-04-12T00:00:00.000Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:58.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29045 (GCVE-0-2022-29045)

    Vulnerability from nvd – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
    VLAI
    Summary
    Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins promoted builds Plugin Unaffected: 3.10.1
    Affected: unspecified , ≤ 873.v6149db_d64130 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:59.348Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins promoted builds Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.10.1"
                },
                {
                  "lessThanOrEqual": "873.v6149db_d64130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:21:29.708Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-29045",
        "datePublished": "2022-04-12T00:00:00.000Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:59.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21641 (GCVE-0-2021-21641)

    Vulnerability from nvd – Published: 2021-04-07 13:50 – Updated: 2024-10-15 17:14
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins promoted builds Plugin Affected: unspecified , ≤ 3.9 (custom)
    Unaffected: 3.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:23.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
              },
              {
                "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-21641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:40.719699Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:14:47.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins promoted builds Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "3.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "3.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:04.828Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
            },
            {
              "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins promoted builds Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.9"
                              },
                              {
                                "version_affected": "!",
                                "version_value": "3.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
                },
                {
                  "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21641",
        "datePublished": "2021-04-07T13:50:15.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:14:47.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000114 (GCVE-0-2018-1000114)

    Vulnerability from nvd – Published: 2018-03-13 13:00 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:49.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-13T13:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-02-26",
              "ID": "CVE-2018-1000114",
              "REQUESTER": "ml@beckweb.net",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000114",
        "datePublished": "2018-03-13T13:00:00.000Z",
        "dateReserved": "2018-03-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:12.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30965 (GCVE-0-2022-30965)

    Vulnerability from cvelistv5 – Published: 2022-05-17 14:06 – Updated: 2024-08-03 07:03
    VLAI
    Summary
    Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Promoted Builds (Simple) Plugin Affected: unspecified , ≤ 1.9 (custom)
    Unknown: next of 1.9 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:39.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Promoted Builds (Simple) Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 1.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:22:02.927Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-30965",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Promoted Builds (Simple) Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.9"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "1.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-30965",
        "datePublished": "2022-05-17T14:06:45.000Z",
        "dateReserved": "2022-05-16T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:03:39.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29045 (GCVE-0-2022-29045)

    Vulnerability from cvelistv5 – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
    VLAI
    Summary
    Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins promoted builds Plugin Unaffected: 3.10.1
    Affected: unspecified , ≤ 873.v6149db_d64130 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:59.348Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins promoted builds Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.10.1"
                },
                {
                  "lessThanOrEqual": "873.v6149db_d64130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:21:29.708Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-29045",
        "datePublished": "2022-04-12T00:00:00.000Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:59.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29049 (GCVE-0-2022-29049)

    Vulnerability from cvelistv5 – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
    VLAI
    Summary
    Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins promoted builds Plugin Unaffected: 3.10.1
    Affected: unspecified , ≤ 873.v6149db_d64130 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:58.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins promoted builds Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "3.10.1"
                },
                {
                  "lessThanOrEqual": "873.v6149db_d64130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:21:34.425Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-29049",
        "datePublished": "2022-04-12T00:00:00.000Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:58.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21641 (GCVE-0-2021-21641)

    Vulnerability from cvelistv5 – Published: 2021-04-07 13:50 – Updated: 2024-10-15 17:14
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins promoted builds Plugin Affected: unspecified , ≤ 3.9 (custom)
    Unaffected: 3.5.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T18:16:23.584Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
              },
              {
                "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-21641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:40.719699Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:14:47.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins promoted builds Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "3.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "3.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T15:51:04.828Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
            },
            {
              "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2021-21641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins promoted builds Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.9"
                              },
                              {
                                "version_affected": "!",
                                "version_value": "3.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
                },
                {
                  "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2021-21641",
        "datePublished": "2021-04-07T13:50:15.000Z",
        "dateReserved": "2021-01-04T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:14:47.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1000114 (GCVE-0-2018-1000114)

    Vulnerability from cvelistv5 – Published: 2018-03-13 13:00 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:33:49.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2018-02-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-13T13:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_ASSIGNED": "2018-02-26",
              "ID": "CVE-2018-1000114",
              "REQUESTER": "ml@beckweb.net",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-1000114",
        "datePublished": "2018-03-13T13:00:00.000Z",
        "dateReserved": "2018-03-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:12.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }