Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins pipeline maven integration vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Pipeline Maven Integration
5.3
CVSSv3
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and previous versions does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
Jenkins Pipeline Maven Integration
8.1
CVSSv3
CVE-2019-10327
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and previous versions allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file t...
Jenkins Pipeline Maven Integration
6.5
CVSSv3
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Pipeline Maven Integration
6.5
CVSSv3
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing c...
Jenkins Pipeline Maven Integration
6.5
CVSSv3
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows malicious users to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially cap...
Jenkins Pipeline Maven Integration
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started