Scriptler Plugin

Source repositories

https://github.com/jenkinsci/scriptler-plugin

CVEs (5)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2023-50765	Jenkins Project Scriptler Plugin	—	Dec 13, 2023	A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
CVE-2023-50764	Jenkins Project Scriptler Plugin	—	Dec 13, 2023	Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
CVE-2021-21700	Jenkins Project Scriptler Plugin	—	Nov 12, 2021	Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.
CVE-2021-21668	Jenkins Project Scriptler Plugin	—	Jun 16, 2021	Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21667	Jenkins Project Scriptler Plugin	—	Jun 16, 2021	Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.

CVE-2023-50765Dec 13, 2023
Jenkins Project
Scriptler Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
CVE-2023-50764Dec 13, 2023
Jenkins Project
Scriptler Plugin
risk 0.00cvss —epss 0.00
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
CVE-2021-21700Nov 12, 2021
Jenkins Project
Scriptler Plugin
risk 0.00cvss —epss 0.00
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.
CVE-2021-21668Jun 16, 2021
Jenkins Project
Scriptler Plugin
risk 0.00cvss —epss 0.00
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21667Jun 16, 2021
Jenkins Project
Scriptler Plugin
risk 0.00cvss —epss 0.00
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.