Vulnerabilities > Jenkins > Scriptler > 3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-50764 | Unspecified vulnerability in Jenkins Scriptler Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system. | 8.1 |
2023-12-13 | CVE-2023-50765 | Missing Authorization vulnerability in Jenkins Scriptler A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID. | 4.3 |
2021-11-12 | CVE-2021-21700 | Cross-site Scripting vulnerability in Jenkins Scriptler 3.1/3.2/3.3 Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts. | 5.4 |