pkg:maven/org.jenkins-ci.plugins/job-import-plugin
Type
maven
Namespace
org.jenkins-ci.plugins
Name
job-import-plugin
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/job-import-plugin package.
Critical
1
High
1
Moderate
3
Medium
3
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | <= 3.0 |
CVE-2019-1003017
|
 JENKINS:SECURITY-1302
|
CSRF vulnerability in Job Import Plugin allowed creating and overwriting jobs, installing some plugins | medium |
2019-01-28T00:00:00
(5 years ago) |
|
| Fixed | = 3.1 |
CVE-2019-1003017
|
JENKINS:SECURITY-1302
|
CSRF vulnerability in Job Import Plugin allowed creating and overwriting jobs, installing some plugins | medium |
2019-01-28T00:00:00
(5 years ago) |
|
| Affected | <= 3.5 |
CVE-2022-43413
|
JENKINS:SECURITY-2791
|
Missing permission check in `job-import-plugin` allows enumerating credentials IDs | medium |
2022-10-19T00:00:00
(23 months ago) |
|
| Fixed | = 3.6 |
CVE-2022-43413
|
JENKINS:SECURITY-2791
|
Missing permission check in `job-import-plugin` allows enumerating credentials IDs | medium |
2022-10-19T00:00:00
(23 months ago) |
|
| Affected | <= 2.1 |
CVE-2019-1003015
|
JENKINS:SECURITY-905-1
|
XXE vulnerability in Job Import Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
| Fixed | = 3.0 |
CVE-2019-1003015
|
JENKINS:SECURITY-905-1
|
XXE vulnerability in Job Import Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
| Affected | <= 2.1 |
CVE-2019-1003016
|
JENKINS:SECURITY-905-2
|
CSRF vulnerability and missing permission checks in Job Import Plugin allowed capturing credentials | medium |
2019-01-28T00:00:00
(5 years ago) |
|
| Fixed | = 3.0 |
CVE-2019-1003016
|
JENKINS:SECURITY-905-2
|
CSRF vulnerability and missing permission checks in Job Import Plugin allowed capturing credentials | medium |
2019-01-28T00:00:00
(5 years ago) |
|
| Affected | <= 3.5 |
CVE-2022-43413
|
 MAVEN:GHSA-4G29-R7VJ-2RPV
|
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins | moderate |
2022-10-19T19:00:22
(23 months ago) |
|
| Fixed | = 3.6 |
CVE-2022-43413
|
MAVEN:GHSA-4G29-R7VJ-2RPV
|
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins | moderate |
2022-10-19T19:00:22
(23 months ago) |
|
| Affected | <= 2.1 |
CVE-2019-1003016
|
MAVEN:GHSA-57WW-2CVR-WV38
|
Jenkins Job Import Plugin vulnerable to exposure of sensitive information | moderate |
2022-05-13T01:31:34
(2 years ago) |
|
| Fixed | = 3.0 |
CVE-2019-1003016
|
MAVEN:GHSA-57WW-2CVR-WV38
|
Jenkins Job Import Plugin vulnerable to exposure of sensitive information | moderate |
2022-05-13T01:31:34
(2 years ago) |
|
| Affected | < 3.0 |
CVE-2019-1003015
|
MAVEN:GHSA-882R-R8FW-P538
|
XXE vulnerability in Jenkins Job Import Plugin | critical |
2022-05-13T01:31:35
(2 years ago) |
|
| Fixed | = 3.0 |
CVE-2019-1003015
|
MAVEN:GHSA-882R-R8FW-P538
|
XXE vulnerability in Jenkins Job Import Plugin | critical |
2022-05-13T01:31:35
(2 years ago) |
|
| Affected | <= 3.0 |
CVE-2019-1003017
|
MAVEN:GHSA-8CRR-XF35-5F5P
|
Jenkins Job Import Plugin CSRF vulnerability | moderate |
2022-05-13T01:31:34
(2 years ago) |
|
| Fixed | = 3.1 |
CVE-2019-1003017
|
MAVEN:GHSA-8CRR-XF35-5F5P
|
Jenkins Job Import Plugin CSRF vulnerability | moderate |
2022-05-13T01:31:34
(2 years ago) |