Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins maven vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and previous versions did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Jenkins Maven
5.9
CVSSv3
CVE-2017-1000397
Jenkins Maven Plugin 2.17 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on ...
Jenkins Maven
8.8
CVSSv3
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and previous versions allows malicious users to have Jenkins connect to an attacker specified web server and parse XML documents.
Jenkins Maven
8.1
CVSSv3
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and previous versions does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle malicious users to have Jenkins parse crafted XML documents.
Jenkins Maven
5.4
CVSSv3
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and previous versions does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by a...
Jenkins Maven Metadata
5.4
CVSSv3
CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and previous versions does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit...
Jenkins Maven Metadata
5.4
CVSSv3
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project...
Jenkins Maven Repository Server
5.4
CVSSv3
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Maven Repository Server
5.3
CVSSv3
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and previous versions does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked.
Jenkins Pipeline Maven Integration
6.5
CVSSv3
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing c...
Jenkins Pipeline Maven Integration
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »