Favorite
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000244 | Hig | 0.57 | 8.8 | 0.01 | Nov 1, 2017 | Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | ||
| CVE-2022-27196 | Med | 0.28 | 5.4 | 0.01 | Mar 15, 2022 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | ||
| CVE-2017-1000243 | Med | 0.28 | 4.3 | 0.01 | Nov 1, 2017 | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites |
- risk 0.57cvss 8.8epss 0.01
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
- risk 0.28cvss 5.4epss 0.01
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
- risk 0.28cvss 4.3epss 0.01
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites