Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins maven vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Apache Maven Shared Utils
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2021-26291
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend ...
Apache Maven
Quarkus Quarkus
Oracle Financial Services Analytical Applications Infrastructure
Oracle Goldengate Big Data And Application Adapters 23.1
1 Github repository
8.8
CVSSv3
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and previous versions allows malicious users to have Jenkins connect to an attacker specified web server and parse XML documents.
Jenkins Maven
8.1
CVSSv3
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and previous versions does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle malicious users to have Jenkins parse crafted XML documents.
Jenkins Maven
8.1
CVSSv3
CVE-2019-10327
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and previous versions allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file t...
Jenkins Pipeline Maven Integration
6.5
CVSSv3
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and previous versions does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Jenkins Maven Artifact Choicelistprovider (nexus)
6.5
CVSSv3
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Barchart Maven Cascade Release
6.5
CVSSv3
CVE-2020-2295
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and previous versions allows malicious users to start cascade builds and layout builds, and reconfigure the plugin.
Barchart Maven Cascade Release
6.5
CVSSv3
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Pipeline Maven Integration
6.5
CVSSv3
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing c...
Jenkins Pipeline Maven Integration
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »