Vulnerabilities > Jenkins > Scriptler > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-50765 Missing Authorization vulnerability in Jenkins Scriptler
A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
network
low complexity
jenkins CWE-862
4.3
2021-11-12 CVE-2021-21700 Cross-site Scripting vulnerability in Jenkins Scriptler 3.1/3.2/3.3
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.
network
low complexity
jenkins CWE-79
5.4
2021-06-16 CVE-2021-21667 Cross-site Scripting vulnerability in Jenkins Scriptler 3.1/3.2
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2021-06-16 CVE-2021-21668 Cross-site Scripting vulnerability in Jenkins Scriptler 3.1
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
network
low complexity
jenkins CWE-79
5.4