Vulnerabilities > Jenkins > Favorite
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-15 | CVE-2022-27196 | Cross-site Scripting vulnerability in Jenkins Favorite Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | 5.4 |
2017-11-01 | CVE-2017-1000244 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | 6.8 |