The host is installed with Jenkins LTS through 2.235.4 or Jenkins rolling release through 2.242 and is prone to a buffer corruption vulnerability. A flaw is present in the application, which fails to properly handle issues in Jetty. Successful exploitation could allow unauthenticated attackers to obtain HTTP response headers that may include sensitive data intended for another user.
The host is installed with Jenkins LTS through 2.235.3 or Jenkins rolling release through 2.251 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the tooltip content of help icons. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Jenkins LTS through 2.235.3 or Jenkins rolling release through 2.251 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the project naming strategy description. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Jenkins LTS through 2.235.3 or Jenkins rolling release through 2.251 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the remote address of the host starting a build via 'Trigger builds remotely'. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Wireshark 3.2.0 through 3.2.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a malformed packet trace file. Successful exploitation allows attackers to make Wireshark crash.
The host is installed with Jenkins LTS through 2.235.1 or Jenkins rolling release through 2.244 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the 'href' attribute of links to downstream jobs displayed in the build console page. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Jenkins LTS through 2.235.1 or Jenkins rolling release through 2.244 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the job name in the 'Keep this build forever' badge tooltip. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Jenkins LTS through 2.235.1 or Jenkins rolling release through 2.244 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the upstream job's display name shown as part of a build cause. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Jenkins LTS through 2.235.1 or Jenkins rolling release through 2.244 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle escaping the agent name in the build time trend page. Successful exploitation could allow attackers to cause a stored XSS vulnerability.
The host is installed with Oracle Java SE through 11.0.7 or 14.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Hotspot. Successful exploitation allows attackers to affect integrity.