pkg:maven/org.jenkins-ci.plugins/electricflow
Type
maven
Namespace
org.jenkins-ci.plugins
Name
electricflow
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/electricflow package.
High
2
Moderate
8
Medium
8
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | <= 1.1.6 |
CVE-2019-10331
CVE-2019-10332 |
 JENKINS:SECURITY-1410-1
|
CSRF vulnerability and missing permission checks in `electricflow` allowed SSRF | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10331
CVE-2019-10332 |
JENKINS:SECURITY-1410-1
|
CSRF vulnerability and missing permission checks in `electricflow` allowed SSRF | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10333
|
JENKINS:SECURITY-1410-2
|
Missing permission checks in `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10333
|
JENKINS:SECURITY-1410-2
|
Missing permission checks in `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10334
|
JENKINS:SECURITY-1411
|
`electricflow` globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10334
|
JENKINS:SECURITY-1411
|
`electricflow` globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10335
|
JENKINS:SECURITY-1412
|
XSS vulnerability in build metadata contributed by `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10335
|
JENKINS:SECURITY-1412
|
XSS vulnerability in build metadata contributed by `electricflow` | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10336
|
JENKINS:SECURITY-1420
|
XSS vulnerability in `electricflow` affecting job configuration forms | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10336
|
JENKINS:SECURITY-1420
|
XSS vulnerability in `electricflow` affecting job configuration forms | medium |
2019-06-11T00:00:00
(5 years ago) |
|
| Affected | <= 1.1.21 |
CVE-2021-21647
|
JENKINS:SECURITY-2309
|
Missing permission check in `electricflow` allows scheduling builds | medium |
2021-04-21T00:00:00
(3 years ago) |
|
| Fixed | = 1.1.22 |
CVE-2021-21647
|
JENKINS:SECURITY-2309
|
Missing permission check in `electricflow` allows scheduling builds | medium |
2021-04-21T00:00:00
(3 years ago) |
|
| Affected | <= 1.1.32 |
CVE-2023-46654
|
JENKINS:SECURITY-3237
|
Arbitrary file deletion vulnerability in `electricflow` | high |
2023-10-25T00:00:00
(10 months ago) |
|
| Fixed | = 1.1.33 |
CVE-2023-46654
|
JENKINS:SECURITY-3237
|
Arbitrary file deletion vulnerability in `electricflow` | high |
2023-10-25T00:00:00
(10 months ago) |
|
| Affected | <= 1.1.32 |
CVE-2023-46655
|
JENKINS:SECURITY-3238
|
Arbitrary file read vulnerability in `electricflow` | medium |
2023-10-25T00:00:00
(10 months ago) |
|
| Fixed | = 1.1.33 |
CVE-2023-46655
|
JENKINS:SECURITY-3238
|
Arbitrary file read vulnerability in `electricflow` | medium |
2023-10-25T00:00:00
(10 months ago) |
|
| Affected | <= 1.1.4 |
JENKINS:SECURITY-937
|
ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-02-19T00:00:00
(5 years ago) |
||
| Fixed | = 1.1.5 |
JENKINS:SECURITY-937
|
ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | medium |
2019-02-19T00:00:00
(5 years ago) |
||
| Affected | <= 1.1.6 |
CVE-2019-10332
|
 MAVEN:GHSA-66R6-RVV9-9X6M
|
Jenkins ElectricFlow Plugin missing permission check | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10332
|
MAVEN:GHSA-66R6-RVV9-9X6M
|
Jenkins ElectricFlow Plugin missing permission check | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10331
|
MAVEN:GHSA-76X4-HR82-CG3M
|
Jenkins ElectricFlow Plugin cross-site request forgery vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10331
|
MAVEN:GHSA-76X4-HR82-CG3M
|
Jenkins ElectricFlow Plugin cross-site request forgery vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Affected | >= 1.1.19, < 1.1.22 < 1.1.18.1 |
CVE-2021-21647
|
MAVEN:GHSA-7RX6-4VWV-432G
|
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds | moderate |
2022-05-24T17:48:06
(2 years ago) |
|
| Fixed | = 1.1.22 = 1.1.18.1 |
CVE-2021-21647
|
MAVEN:GHSA-7RX6-4VWV-432G
|
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds | moderate |
2022-05-24T17:48:06
(2 years ago) |
|
| Affected | < 1.1.33 |
CVE-2023-46655
|
MAVEN:GHSA-9GGW-H9MF-4JH7
|
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read | moderate |
2023-10-25T18:32:25
(10 months ago) |
|
| Fixed | = 1.1.33 |
CVE-2023-46655
|
MAVEN:GHSA-9GGW-H9MF-4JH7
|
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read | moderate |
2023-10-25T18:32:25
(10 months ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10335
|
MAVEN:GHSA-FX9P-2QVX-PGJV
|
Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10335
|
MAVEN:GHSA-FX9P-2QVX-PGJV
|
Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Affected | < 1.1.33 |
CVE-2023-46654
|
MAVEN:GHSA-JX7X-RF3F-J644
|
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion | high |
2023-10-25T18:32:25
(10 months ago) |
|
| Fixed | = 1.1.33 |
CVE-2023-46654
|
MAVEN:GHSA-JX7X-RF3F-J644
|
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion | high |
2023-10-25T18:32:25
(10 months ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10333
|
MAVEN:GHSA-M8F2-9282-X38V
|
Jenkins ElectricFlow Plugin Missing permission checks | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10333
|
MAVEN:GHSA-M8F2-9282-X38V
|
Jenkins ElectricFlow Plugin Missing permission checks | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10336
|
MAVEN:GHSA-W3PJ-V9JR-V2WC
|
Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10336
|
MAVEN:GHSA-W3PJ-V9JR-V2WC
|
Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Affected | <= 1.1.6 |
CVE-2019-10334
|
MAVEN:GHSA-XMQV-PFW7-QMJ7
|
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | moderate |
2022-05-24T16:47:43
(2 years ago) |
|
| Fixed | = 1.1.7 |
CVE-2019-10334
|
MAVEN:GHSA-XMQV-PFW7-QMJ7
|
Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation | moderate |
2022-05-24T16:47:43
(2 years ago) |