pkg:maven/org.jenkins-ci.plugins/jira-steps
Type
maven
Namespace
org.jenkins-ci.plugins
Name
jira-steps
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/jira-steps package.
Moderate
4
Medium
1
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 2.0.165.v8846cf59f3db |
CVE-2023-24439
CVE-2023-24440 |
JENKINS:SECURITY-2774 | Keys stored in plain text by `jira-steps` | low |
2023-01-24T00:00:00
(20 months ago) |
|
Affected | <= 2.0.165.v8846cf59f3db |
CVE-2023-24437
CVE-2023-24438 |
JENKINS:SECURITY-2786 | CSRF vulnerability and missing permission checks in `jira-steps` | medium |
2023-01-24T00:00:00
(20 months ago) |
|
Affected | <= 2.0.165.v8846cf59f3db |
CVE-2023-24440
|
MAVEN:GHSA-3G2G-RCM6-RRQ2 | Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin | moderate |
2023-01-26T21:30:18
(19 months ago) |
|
Affected | <= 2.0.165.v8846cf59f3db |
CVE-2023-24438
|
MAVEN:GHSA-6J27-3XFW-CJ2W | Missing permissions check in Jenkins JIRA Pipeline Steps Plugin | moderate |
2023-01-26T21:30:18
(19 months ago) |
|
Affected | <= 2.0.165.v8846cf59f3db |
CVE-2023-24439
|
MAVEN:GHSA-G29V-5PWH-WXX4 | Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin | moderate |
2023-01-26T21:30:18
(19 months ago) |
|
Affected | <= 2.0.165.v8846cf59f3db |
CVE-2023-24437
|
MAVEN:GHSA-R3GM-JWF4-XGV2 | Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin | moderate |
2023-01-26T21:30:18
(19 months ago) |