Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins maven vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and previous versions did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Jenkins Maven
605
VMScore
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and previous versions does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle malicious users to have Jenkins parse crafted XML documents.
Jenkins Maven
605
VMScore
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and previous versions allows malicious users to have Jenkins connect to an attacker specified web server and parse XML documents.
Jenkins Maven
383
VMScore
CVE-2017-1000397
Jenkins Maven Plugin 2.17 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on ...
Jenkins Maven
NA
CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and previous versions does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit...
Jenkins Maven Metadata
312
VMScore
CVE-2022-34190
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and previous versions does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by a...
Jenkins Maven Metadata
312
VMScore
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Pipeline Maven Integration
NA
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project...
Jenkins Maven Repository Server
NA
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Maven Repository Server
490
VMScore
CVE-2019-10327
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and previous versions allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file t...
Jenkins Pipeline Maven Integration
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »