Skip to main content

Matrix Project

4 CVEs product

Monthly

CVE-2024-23900 Maven MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Matrix Project
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2225 Maven MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Project
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2020-2224 Maven MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Project
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-1003031 Maven CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE Matrix Project Openshift Container Platform
NVD
CVSS 3.1
9.9
EPSS
3.4%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Matrix Project
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Project
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Matrix Project
NVD
EPSS 3% CVSS 9.9
CRITICAL PATCH Act Now

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins RCE +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy