Build Metrics

build-metrics

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-34785 1Jenkins 1Build Metrics Nov 21, 2024 Jun 30, 2022 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.
CVE-2022-34784 1Jenkins 1Build Metrics Nov 21, 2024 Jun 30, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
CVE-2019-10475 1Jenkins 1Build Metrics Nov 21, 2024 Oct 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.