Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Jenkins Nested View Plugin by Jenkins project
CVE-2022-34182 (GCVE-0-2022-34182)
Vulnerability from nvd – Published: 2022-06-22 14:41 – Updated: 2024-08-03 08:16
VLAI
EPSS
VEX
Summary
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-06-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Nested View Plugin |
Affected:
1.20 , < unspecified
(custom)
Affected: unspecified , ≤ 1.25 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Nested View Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.20",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:22:26.486Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-34182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Nested View Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.20"
},
{
"version_affected": "\u003c=",
"version_value": "1.25"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-34182",
"datePublished": "2022-06-22T14:41:09.000Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:17.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21680 (GCVE-0-2021-21680)
Vulnerability from nvd – Published: 2021-08-31 13:50 – Updated: 2024-08-03 18:23
VLAI
EPSS
VEX
Summary
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2021-08-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/08/31/1 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Nested View Plugin |
Affected:
unspecified , ≤ 1.20
(custom)
Unaffected: 1.19.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:28.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411"
},
{
"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Nested View Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:51:50.226Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411"
},
{
"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2021-21680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Nested View Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20"
},
{
"version_affected": "!",
"version_value": "1.19.1"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411"
},
{
"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2021-21680",
"datePublished": "2021-08-31T13:50:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:28.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34182 (GCVE-0-2022-34182)
Vulnerability from cvelistv5 – Published: 2022-06-22 14:41 – Updated: 2024-08-03 08:16
VLAI
EPSS
VEX
Summary
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-06-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Nested View Plugin |
Affected:
1.20 , < unspecified
(custom)
Affected: unspecified , ≤ 1.25 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Nested View Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.20",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:22:26.486Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-34182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Nested View Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.20"
},
{
"version_affected": "\u003c=",
"version_value": "1.25"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2768"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-34182",
"datePublished": "2022-06-22T14:41:09.000Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:16:17.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21680 (GCVE-0-2021-21680)
Vulnerability from cvelistv5 – Published: 2021-08-31 13:50 – Updated: 2024-08-03 18:23
VLAI
EPSS
VEX
Summary
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2021-08-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/08/31/1 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Nested View Plugin |
Affected:
unspecified , ≤ 1.20
(custom)
Unaffected: 1.19.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:23:28.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411"
},
{
"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Nested View Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.19.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T15:51:50.226Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411"
},
{
"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2021-21680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Nested View Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20"
},
{
"version_affected": "!",
"version_value": "1.19.1"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2021-08-31/#SECURITY-2411"
},
{
"name": "[oss-security] 20210831 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2021-21680",
"datePublished": "2021-08-31T13:50:18.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:23:28.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}