Search
Find a vulnerability
Search criteria
10 vulnerabilities found for promoted_builds by jenkins
CVE-2022-30965 (GCVE-0-2022-30965)
Vulnerability from nvd – Published: 2022-05-17 14:06 – Updated: 2024-08-03 07:03
VLAI
Summary
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-05-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Promoted Builds (Simple) Plugin |
Affected:
unspecified , ≤ 1.9
(custom)
Unknown: next of 1.9 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:39.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Promoted Builds (Simple) Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:22:02.927Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-30965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Promoted Builds (Simple) Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.9"
},
{
"version_affected": "?\u003e",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-30965",
"datePublished": "2022-05-17T14:06:45.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:03:39.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29049 (GCVE-0-2022-29049)
Vulnerability from nvd – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
VLAI
Summary
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.
Severity
No CVSS data available.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins promoted builds Plugin |
Unaffected:
3.10.1
Affected: unspecified , ≤ 873.v6149db_d64130 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:58.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins promoted builds Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "3.10.1"
},
{
"lessThanOrEqual": "873.v6149db_d64130",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:34.425Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-29049",
"datePublished": "2022-04-12T00:00:00.000Z",
"dateReserved": "2022-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:10:58.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29045 (GCVE-0-2022-29045)
Vulnerability from nvd – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
VLAI
Summary
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Severity
No CVSS data available.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins promoted builds Plugin |
Unaffected:
3.10.1
Affected: unspecified , ≤ 873.v6149db_d64130 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins promoted builds Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "3.10.1"
},
{
"lessThanOrEqual": "873.v6149db_d64130",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:29.708Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-29045",
"datePublished": "2022-04-12T00:00:00.000Z",
"dateReserved": "2022-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:10:59.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21641 (GCVE-0-2021-21641)
Vulnerability from nvd – Published: 2021-04-07 13:50 – Updated: 2024-10-15 17:14
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2021-04-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/04/07/2 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins promoted builds Plugin |
Affected:
unspecified , ≤ 3.9
(custom)
Unaffected: 3.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
},
{
"name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:40.719699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:14:47.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jenkins promoted builds Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:51:04.828Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
},
{
"name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2021-21641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins promoted builds Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.9"
},
{
"version_affected": "!",
"version_value": "3.5.1"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
},
{
"name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2021-21641",
"datePublished": "2021-04-07T13:50:15.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-10-15T17:14:47.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000114 (GCVE-0-2018-1000114)
Vulnerability from nvd – Published: 2018-03-13 13:00 – Updated: 2024-09-16 23:16
VLAI
Summary
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2018-02-26/#… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T13:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-26",
"ID": "CVE-2018-1000114",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000114",
"datePublished": "2018-03-13T13:00:00.000Z",
"dateReserved": "2018-03-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:12.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30965 (GCVE-0-2022-30965)
Vulnerability from cvelistv5 – Published: 2022-05-17 14:06 – Updated: 2024-08-03 07:03
VLAI
Summary
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-05-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Promoted Builds (Simple) Plugin |
Affected:
unspecified , ≤ 1.9
(custom)
Unknown: next of 1.9 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:39.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Promoted Builds (Simple) Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:22:02.927Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-30965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Promoted Builds (Simple) Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.9"
},
{
"version_affected": "?\u003e",
"version_value": "1.9"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2717"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-30965",
"datePublished": "2022-05-17T14:06:45.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:03:39.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29045 (GCVE-0-2022-29045)
Vulnerability from cvelistv5 – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
VLAI
Summary
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Severity
No CVSS data available.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins promoted builds Plugin |
Unaffected:
3.10.1
Affected: unspecified , ≤ 873.v6149db_d64130 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:59.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins promoted builds Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "3.10.1"
},
{
"lessThanOrEqual": "873.v6149db_d64130",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:29.708Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2617"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-29045",
"datePublished": "2022-04-12T00:00:00.000Z",
"dateReserved": "2022-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:10:59.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29049 (GCVE-0-2022-29049)
Vulnerability from cvelistv5 – Published: 2022-04-12 00:00 – Updated: 2024-08-03 06:10
VLAI
Summary
Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name.
Severity
No CVSS data available.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins promoted builds Plugin |
Unaffected:
3.10.1
Affected: unspecified , ≤ 873.v6149db_d64130 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:10:58.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins promoted builds Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "unaffected",
"version": "3.10.1"
},
{
"lessThanOrEqual": "873.v6149db_d64130",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except 3.10.1, does not validate the names of promotions defined in Job DSL, allowing attackers with Job/Configure permission to create a promotion with an unsafe name."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:21:34.425Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2655"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-29049",
"datePublished": "2022-04-12T00:00:00.000Z",
"dateReserved": "2022-04-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:10:58.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21641 (GCVE-0-2021-21641)
Vulnerability from cvelistv5 – Published: 2021-04-07 13:50 – Updated: 2024-10-15 17:14
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2021-04-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/04/07/2 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins promoted builds Plugin |
Affected:
unspecified , ≤ 3.9
(custom)
Unaffected: 3.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:16:23.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
},
{
"name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:40.719699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:14:47.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jenkins promoted builds Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "3.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:51:04.828Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
},
{
"name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2021-21641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins promoted builds Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.9"
},
{
"version_affected": "!",
"version_value": "3.5.1"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier allows attackers to to promote builds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2293"
},
{
"name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2021-21641",
"datePublished": "2021-04-07T13:50:15.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-10-15T17:14:47.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000114 (GCVE-0-2018-1000114)
Vulnerability from cvelistv5 – Published: 2018-03-13 13:00 – Updated: 2024-09-16 23:16
VLAI
Summary
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2018-02-26/#… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-13T13:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-26",
"ID": "CVE-2018-1000114",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000114",
"datePublished": "2018-03-13T13:00:00.000Z",
"dateReserved": "2018-03-13T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:16:12.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}