In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
21 days ago
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.
21 days ago
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
8 months ago