pkg:maven/org.jenkins-ci.plugins/jira
Type
maven
Namespace
org.jenkins-ci.plugins
Name
jira
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/jira package.
High
1
Moderate
4
Medium
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 3.0.1 |
CVE-2018-1000412
|
JENKINS:SECURITY-1029 | CSRF vulnerability and missing permission checks in Jira Plugin allowed capturing credentials | medium |
2018-09-25T00:00:00
(6 years ago) |
|
Fixed | = 3.0.2 |
CVE-2018-1000412
|
JENKINS:SECURITY-1029 | CSRF vulnerability and missing permission checks in Jira Plugin allowed capturing credentials | medium |
2018-09-25T00:00:00
(6 years ago) |
|
Affected | <= 3.0.10 |
CVE-2019-16541
|
JENKINS:SECURITY-1106 | Folder-scoped Jira sites in `jira` were able to access System-scoped credentials | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Fixed | = 3.0.11 |
CVE-2019-16541
|
JENKINS:SECURITY-1106 | Folder-scoped Jira sites in `jira` were able to access System-scoped credentials | medium |
2019-11-21T00:00:00
(4 years ago) |
|
Affected | <= 3.7 |
CVE-2022-29036
CVE-2022-29037 CVE-2022-29038 CVE-2022-29039 CVE-2022-29040 CVE-2022-29041 CVE-2022-29042 CVE-2022-29043 CVE-2022-29044 CVE-2022-29045 CVE-2022-29046 |
JENKINS:SECURITY-2617 | Stored XSS vulnerabilities in multiple plugins providing additional parameter types | high |
2022-04-12T00:00:00
(2 years ago) |
|
Fixed | = 3.7.1 or 3.6.1 |
CVE-2022-29036
CVE-2022-29037 CVE-2022-29038 CVE-2022-29039 CVE-2022-29040 CVE-2022-29041 CVE-2022-29042 CVE-2022-29043 CVE-2022-29044 CVE-2022-29045 CVE-2022-29046 |
JENKINS:SECURITY-2617 | Stored XSS vulnerabilities in multiple plugins providing additional parameter types | high |
2022-04-12T00:00:00
(2 years ago) |
|
Affected | <= 3.11 |
CVE-2023-49653
|
JENKINS:SECURITY-3225 | Exposure of system-scoped credentials in `jira` | medium |
2023-11-29T00:00:00
(9 months ago) |
|
Fixed | = 3.12 |
CVE-2023-49653
|
JENKINS:SECURITY-3225 | Exposure of system-scoped credentials in `jira` | medium |
2023-11-29T00:00:00
(9 months ago) |
|
Affected | <= 3.0.10 |
CVE-2019-16541
|
MAVEN:GHSA-98M4-M2C3-QXGQ | Jenkins JIRA Plugin allows users to select and use credentials with System scope | moderate |
2022-05-24T17:01:40
(2 years ago) |
|
Fixed | = 3.0.11 |
CVE-2019-16541
|
MAVEN:GHSA-98M4-M2C3-QXGQ | Jenkins JIRA Plugin allows users to select and use credentials with System scope | moderate |
2022-05-24T17:01:40
(2 years ago) |
|
Affected | <= 3.0.1 |
CVE-2018-1000412
|
MAVEN:GHSA-FPG6-XQJ4-J7WF | Jenkins Jira Plugin Incorrect Authorization vulnerability | moderate |
2022-05-13T01:18:46
(2 years ago) |
|
Fixed | = 3.0.2 |
CVE-2018-1000412
|
MAVEN:GHSA-FPG6-XQJ4-J7WF | Jenkins Jira Plugin Incorrect Authorization vulnerability | moderate |
2022-05-13T01:18:46
(2 years ago) |
|
Affected | < 3.6.1 >= 3.7.0, < 3.7.1 |
CVE-2022-29041
|
MAVEN:GHSA-M3P3-2GP6-GHQ8 | Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin | moderate |
2022-04-13T00:00:17
(2 years ago) |
|
Fixed | = 3.6.1 = 3.7.1 |
CVE-2022-29041
|
MAVEN:GHSA-M3P3-2GP6-GHQ8 | Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin | moderate |
2022-04-13T00:00:17
(2 years ago) |
|
Affected | < 3.12 |
CVE-2023-49653
|
MAVEN:GHSA-QMHQ-876F-CR65 | Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials | moderate |
2023-11-29T15:30:21
(9 months ago) |
|
Fixed | = 3.12 |
CVE-2023-49653
|
MAVEN:GHSA-QMHQ-876F-CR65 | Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials | moderate |
2023-11-29T15:30:21
(9 months ago) |