view-cloner Plugin

CVEs (7)

• CVE-2023-40351Aug 16, 2023
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.00

  A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.

• CVE-2023-24450Jan 24, 2023
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.01

  Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

• CVE-2022-34182Jun 22, 2022
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.01

  Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.

• CVE-2022-25203Feb 15, 2022
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.01

  Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission.

• CVE-2021-21680Aug 31, 2021
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.01

  Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.

• CVE-2020-2263Sep 16, 2020
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.01

  Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

• CVE-2020-2207Jul 2, 2020
  Jenkins Project

  view-cloner Plugin
  risk 0.00cvss —epss 0.01

  Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.