cpe:2.3:a:jenkins:cadence_vmanager:1.9:*:*:*:*:jenkins:*:*
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
Source: Jenkins Project
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-09-01
Updated
2023-11-02
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.
Source: Jenkins Project
Max CVSS
8.2
EPSS Score
0.17%
Published
2019-10-16
Updated
2023-10-25
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!