Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jenkins maven vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Barchart Maven Cascade Release
3.5
CVSSv2
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Pipeline Maven Integration
4
CVSSv2
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing c...
Jenkins Pipeline Maven Integration
4
CVSSv2
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Jenkins Pipeline Maven Integration
4.3
CVSSv2
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows malicious users to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially cap...
Jenkins Pipeline Maven Integration
6.8
CVSSv2
CVE-2019-16550
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and previous versions allows malicious users to have Jenkins connect to an attacker specified web server and parse XML documents.
Jenkins Maven
6.8
CVSSv2
CVE-2019-16549
Jenkins Maven Release Plugin 0.16.1 and previous versions does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle malicious users to have Jenkins parse crafted XML documents.
Jenkins Maven
4
CVSSv2
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and previous versions did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Jenkins Maven
6.8
CVSSv2
CVE-2019-10359
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and previous versions in the M2ReleaseAction#doSubmit method allowed malicious users to perform releases with attacker-specified options.
Jenkins M2release
3.5
CVSSv2
CVE-2019-10360
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and previous versions allowed malicious users to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Jenkins M2 Release
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »