Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins maven vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and previous versions does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
Jenkins Pipeline Maven Integration
NA
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and previous versions does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Jenkins Maven Artifact Choicelistprovider \\(nexus\\)
NA
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project...
Jenkins Maven Repository Server
NA
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Maven Repository Server
NA
CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and previous versions does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit...
Jenkins Maven Metadata
3.5
CVSSv2
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and previous versions does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by a...
Jenkins Maven Metadata
3.5
CVSSv2
CVE-2022-34195
Jenkins Repository Connector Plugin 2.2.0 and previous versions does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Confi...
Jenkins Repository Connector
7.5
CVSSv2
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Apache Maven Shared Utils
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.4
CVSSv2
CVE-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend ...
Apache Maven
Quarkus Quarkus
Oracle Financial Services Analytical Applications Infrastructure
Oracle Goldengate Big Data And Application Adapters 23.1
1 Github repository
4
CVSSv2
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Barchart Maven Cascade Release
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »