Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins maven vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-1000397
Jenkins Maven Plugin 2.17 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on ...
Jenkins Maven
4
CVSSv2
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and previous versions did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Jenkins Maven
6.8
CVSSv2
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and previous versions does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle malicious users to have Jenkins parse crafted XML documents.
Jenkins Maven
6.8
CVSSv2
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and previous versions allows malicious users to have Jenkins connect to an attacker specified web server and parse XML documents.
Jenkins Maven
NA
CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and previous versions does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit...
Jenkins Maven Metadata
3.5
CVSSv2
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and previous versions does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by a...
Jenkins Maven Metadata
4
CVSSv2
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Pipeline Maven Integration
4
CVSSv2
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing c...
Jenkins Pipeline Maven Integration
4.3
CVSSv2
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows malicious users to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially cap...
Jenkins Pipeline Maven Integration
3.5
CVSSv2
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Pipeline Maven Integration
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »