pkg:maven/org.jenkins-ci.plugins/electricflow
Type
maven
Namespace
org.jenkins-ci.plugins
Name
electricflow
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/electricflow package.
High
2
Moderate
8
Medium
8
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 1.1.6 |
CVE-2019-10331
CVE-2019-10332 |
JENKINS:SECURITY-1410-1 | CSRF vulnerability and missing permission checks in `electricflow` allowed SSRF | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10331
CVE-2019-10332 |
JENKINS:SECURITY-1410-1 | CSRF vulnerability and missing permission checks in `electricflow` allowed SSRF | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10333
|
JENKINS:SECURITY-1410-2 | Missing permission checks in `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10333
|
JENKINS:SECURITY-1410-2 | Missing permission checks in `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10334
|
JENKINS:SECURITY-1411 | `electricflow` globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10334
|
JENKINS:SECURITY-1411 | `electricflow` globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10335
|
JENKINS:SECURITY-1412 | XSS vulnerability in build metadata contributed by `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10335
|
JENKINS:SECURITY-1412 | XSS vulnerability in build metadata contributed by `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10336
|
JENKINS:SECURITY-1420 | XSS vulnerability in `electricflow` affecting job configuration forms | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10336
|
JENKINS:SECURITY-1420 | XSS vulnerability in `electricflow` affecting job configuration forms | medium |
2019-06-11T00:00:00
(5 years ago) |
|
Affected | <= 1.1.21 |
CVE-2021-21647
|
JENKINS:SECURITY-2309 | Missing permission check in `electricflow` allows scheduling builds | medium |
2021-04-21T00:00:00
(3 years ago) |
|
Fixed | = 1.1.22 |
CVE-2021-21647
|
JENKINS:SECURITY-2309 | Missing permission check in `electricflow` allows scheduling builds | medium |
2021-04-21T00:00:00
(3 years ago) |
|
Affected | <= 1.1.32 |
CVE-2023-46654
|
JENKINS:SECURITY-3237 | Arbitrary file deletion vulnerability in `electricflow` | high |
2023-10-25T00:00:00
(10 months ago) |
|
Fixed | = 1.1.33 |
CVE-2023-46654
|
JENKINS:SECURITY-3237 | Arbitrary file deletion vulnerability in `electricflow` | high |
2023-10-25T00:00:00
(10 months ago) |
|
Affected | <= 1.1.32 |
CVE-2023-46655
|
JENKINS:SECURITY-3238 | Arbitrary file read vulnerability in `electricflow` | medium |
2023-10-25T00:00:00
(10 months ago) |
|
Fixed | = 1.1.33 |
CVE-2023-46655
|
JENKINS:SECURITY-3238 | Arbitrary file read vulnerability in `electricflow` | medium |
2023-10-25T00:00:00
(10 months ago) |
|
Affected | <= 1.1.4 | JENKINS:SECURITY-937 | ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-02-19T00:00:00
(5 years ago) |
||
Fixed | = 1.1.5 | JENKINS:SECURITY-937 | ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-02-19T00:00:00
(5 years ago) |
||
Affected | <= 1.1.6 |
CVE-2019-10332
|
MAVEN:GHSA-66R6-RVV9-9X6M | Jenkins ElectricFlow Plugin missing permission check | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10332
|
MAVEN:GHSA-66R6-RVV9-9X6M | Jenkins ElectricFlow Plugin missing permission check | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10331
|
MAVEN:GHSA-76X4-HR82-CG3M | Jenkins ElectricFlow Plugin cross-site request forgery vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10331
|
MAVEN:GHSA-76X4-HR82-CG3M | Jenkins ElectricFlow Plugin cross-site request forgery vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Affected | >= 1.1.19, < 1.1.22 < 1.1.18.1 |
CVE-2021-21647
|
MAVEN:GHSA-7RX6-4VWV-432G | Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds | moderate |
2022-05-24T17:48:06
(2 years ago) |
|
Fixed | = 1.1.22 = 1.1.18.1 |
CVE-2021-21647
|
MAVEN:GHSA-7RX6-4VWV-432G | Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds | moderate |
2022-05-24T17:48:06
(2 years ago) |
|
Affected | < 1.1.33 |
CVE-2023-46655
|
MAVEN:GHSA-9GGW-H9MF-4JH7 | Jenkins CloudBees CD Plugin vulnerable to arbitrary file read | moderate |
2023-10-25T18:32:25
(10 months ago) |
|
Fixed | = 1.1.33 |
CVE-2023-46655
|
MAVEN:GHSA-9GGW-H9MF-4JH7 | Jenkins CloudBees CD Plugin vulnerable to arbitrary file read | moderate |
2023-10-25T18:32:25
(10 months ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10335
|
MAVEN:GHSA-FX9P-2QVX-PGJV | Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10335
|
MAVEN:GHSA-FX9P-2QVX-PGJV | Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Affected | < 1.1.33 |
CVE-2023-46654
|
MAVEN:GHSA-JX7X-RF3F-J644 | Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion | high |
2023-10-25T18:32:25
(10 months ago) |
|
Fixed | = 1.1.33 |
CVE-2023-46654
|
MAVEN:GHSA-JX7X-RF3F-J644 | Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion | high |
2023-10-25T18:32:25
(10 months ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10333
|
MAVEN:GHSA-M8F2-9282-X38V | Jenkins ElectricFlow Plugin Missing permission checks | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10333
|
MAVEN:GHSA-M8F2-9282-X38V | Jenkins ElectricFlow Plugin Missing permission checks | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10336
|
MAVEN:GHSA-W3PJ-V9JR-V2WC | Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10336
|
MAVEN:GHSA-W3PJ-V9JR-V2WC | Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Affected | <= 1.1.6 |
CVE-2019-10334
|
MAVEN:GHSA-XMQV-PFW7-QMJ7 | Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
Fixed | = 1.1.7 |
CVE-2019-10334
|
MAVEN:GHSA-XMQV-PFW7-QMJ7 | Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | moderate |
2022-05-24T16:47:43
(2 years ago) |