VYPR

Pipeline Aggregator View Plugin

by Jenkins Project

Source repositories

CVEs (2)

  • CVE-2023-28670MedApr 2, 2023
    risk 0.35cvss 5.4epss 0.00

    Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.

  • CVE-2019-16564MedDec 17, 2019
    risk 0.28cvss 5.4epss 0.01

    Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names.