CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Global-Build-Stats Security Vulnerabilities

CVE-2022-27207

Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

CVSS Score

4.8

EPSS Score

0.06

Published

2022-03-15

CVE-2017-1000389

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability.

CVSS Score

6.1

EPSS Score

0.001

Published

2018-01-26

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Global-Build-Stats Security Vulnerabilities

Products

Pricing

Contact Us