CVE-2019-16550
- EPSS 0.12%
- Published 17.12.2019 15:15:15
- Last modified 21.11.2024 04:30:48
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
CVE-2019-16549
- EPSS 0.09%
- Published 17.12.2019 15:15:14
- Last modified 21.11.2024 04:30:48
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
CVE-2019-10358
- EPSS 0.14%
- Published 31.07.2019 13:15:12
- Last modified 21.11.2024 04:18:57
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
CVE-2017-1000397
- EPSS 0.03%
- Published 26.01.2018 02:29:00
- Last modified 21.11.2024 03:04:38
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer ...