VYPR

Favorite

by Jenkins Project

CVEs (3)

  • CVE-2017-1000244HigNov 1, 2017
    risk 0.57cvss 8.8epss 0.01

    Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification

  • CVE-2022-27196MedMar 15, 2022
    risk 0.28cvss 5.4epss 0.01

    Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.

  • CVE-2017-1000243MedNov 1, 2017
    risk 0.28cvss 4.3epss 0.01

    Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites