Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.
21 days ago
Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds.
3 years ago