Vulnerabilities > Jenkins > Matrix Project

DATE CVE VULNERABILITY TITLE RISK
2024-01-24 CVE-2024-23900 Unspecified vulnerability in Jenkins Matrix Project
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
network
low complexity
jenkins
4.3
2022-01-12 CVE-2022-20615 Cross-site Scripting vulnerability in multiple products
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
network
low complexity
jenkins oracle CWE-79
5.4
2020-07-15 CVE-2020-2225 Cross-site Scripting vulnerability in Jenkins Matrix Project
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
network
low complexity
jenkins CWE-79
5.4
2020-07-15 CVE-2020-2224 Cross-site Scripting vulnerability in Jenkins Matrix Project
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
network
low complexity
jenkins CWE-79
5.4
2019-03-08 CVE-2019-1003031 A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
network
low complexity
jenkins redhat
critical
9.9