Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-66hv-fhcm-7xm7: Jenkins Warnings Plugin exposures system-scoped credentials

Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.

ghsa
Open in Source
#git

Jenkins Warnings Plugin exposures system-scoped credentials

Moderate severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 30, 2023

Related news

CVE-2023-46650: security - Multiple vulnerabilities in Jenkins plugins

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

ghsa: Latest News

GHSA-9h9q-qhxg-89xr: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
ghsa