CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-28156 |
Description: Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28155 |
Description: Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28154 |
Description: Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28153 |
Description: Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28152 |
Description: In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28151 |
Description: Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28150 |
Description: Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28147 |
Description: An authenticated user can upload arbitrary files in the upload
function for collection preview images. An attacker may upload an HTML
file that includes malicious JavaScript code which will be executed if a
user visits the direct URL of the collection preview image (Stored
Cross Site Scripting). It is also possible to upload SVG files that
include nested XML entities. Those are parsed when a user visits the
direct URL of the collection preview image, which may be utilized for a
Denial of Service attack.
This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28064 |
Description: Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-28063 |
Description: Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|