Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Favorite
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27196 1 Jenkins 1 Favorite 2024-02-28 3.5 LOW 5.4 MEDIUM
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
CVE-2017-1000244 1 Jenkins 1 Favorite 2024-02-28 6.8 MEDIUM 8.8 HIGH
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification