Vulmon
jenkins maven vulnerabilities and exploits
383
VMScore
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and previous versions allows malicious users to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially cap...
Jenkins Pipeline Maven Integration
312
VMScore
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and previous versions does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Jenkins Pipeline Maven Integration
NA
CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project...
Jenkins Maven Repository Server
NA
CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and previous versions does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.
Jenkins Maven Repository Server
NA
CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and previous versions does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.
Jenkins Maven Artifact Choicelistprovider (nexus)
356
VMScore
CVE-2018-1999030
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and previous versions in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows malicious users to capt...
Jenkins Maven Artifact Choicelistprovider (nexus)
516
VMScore
CVE-2013-0253
The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote malicious users to spoof servers via a man-in-the-middle (MITM) attack.
Apache Maven 3.0.4
383
VMScore
CVE-2020-2295
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and previous versions allows malicious users to start cascade builds and layout builds, and reconfigure the plugin.
Barchart Maven Cascade Release
356
VMScore
CVE-2020-2294
Jenkins Maven Cascade Release Plugin 1.3.2 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Barchart Maven Cascade Release
668
VMScore
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Apache Maven Shared Utils
Debian Debian Linux 10.0
Debian Debian Linux 11.0