pkg:maven/org.jenkins-ci.plugins/job-import-plugin
Type
maven
Namespace
org.jenkins-ci.plugins
Name
job-import-plugin
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/job-import-plugin package.
Critical
1
High
1
Moderate
3
Medium
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 3.0 |
CVE-2019-1003017
|
JENKINS:SECURITY-1302 | CSRF vulnerability in Job Import Plugin allowed creating and overwriting jobs, installing some plugins | medium |
2019-01-28T00:00:00
(5 years ago) |
|
Fixed | = 3.1 |
CVE-2019-1003017
|
JENKINS:SECURITY-1302 | CSRF vulnerability in Job Import Plugin allowed creating and overwriting jobs, installing some plugins | medium |
2019-01-28T00:00:00
(5 years ago) |
|
Affected | <= 3.5 |
CVE-2022-43413
|
JENKINS:SECURITY-2791 | Missing permission check in `job-import-plugin` allows enumerating credentials IDs | medium |
2022-10-19T00:00:00
(23 months ago) |
|
Fixed | = 3.6 |
CVE-2022-43413
|
JENKINS:SECURITY-2791 | Missing permission check in `job-import-plugin` allows enumerating credentials IDs | medium |
2022-10-19T00:00:00
(23 months ago) |
|
Affected | <= 2.1 |
CVE-2019-1003015
|
JENKINS:SECURITY-905-1 | XXE vulnerability in Job Import Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
Fixed | = 3.0 |
CVE-2019-1003015
|
JENKINS:SECURITY-905-1 | XXE vulnerability in Job Import Plugin | high |
2019-01-28T00:00:00
(5 years ago) |
|
Affected | <= 2.1 |
CVE-2019-1003016
|
JENKINS:SECURITY-905-2 | CSRF vulnerability and missing permission checks in Job Import Plugin allowed capturing credentials | medium |
2019-01-28T00:00:00
(5 years ago) |
|
Fixed | = 3.0 |
CVE-2019-1003016
|
JENKINS:SECURITY-905-2 | CSRF vulnerability and missing permission checks in Job Import Plugin allowed capturing credentials | medium |
2019-01-28T00:00:00
(5 years ago) |
|
Affected | <= 3.5 |
CVE-2022-43413
|
MAVEN:GHSA-4G29-R7VJ-2RPV | Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins | moderate |
2022-10-19T19:00:22
(23 months ago) |
|
Fixed | = 3.6 |
CVE-2022-43413
|
MAVEN:GHSA-4G29-R7VJ-2RPV | Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins | moderate |
2022-10-19T19:00:22
(23 months ago) |
|
Affected | <= 2.1 |
CVE-2019-1003016
|
MAVEN:GHSA-57WW-2CVR-WV38 | Jenkins Job Import Plugin vulnerable to exposure of sensitive information | moderate |
2022-05-13T01:31:34
(2 years ago) |
|
Fixed | = 3.0 |
CVE-2019-1003016
|
MAVEN:GHSA-57WW-2CVR-WV38 | Jenkins Job Import Plugin vulnerable to exposure of sensitive information | moderate |
2022-05-13T01:31:34
(2 years ago) |
|
Affected | < 3.0 |
CVE-2019-1003015
|
MAVEN:GHSA-882R-R8FW-P538 | XXE vulnerability in Jenkins Job Import Plugin | critical |
2022-05-13T01:31:35
(2 years ago) |
|
Fixed | = 3.0 |
CVE-2019-1003015
|
MAVEN:GHSA-882R-R8FW-P538 | XXE vulnerability in Jenkins Job Import Plugin | critical |
2022-05-13T01:31:35
(2 years ago) |
|
Affected | <= 3.0 |
CVE-2019-1003017
|
MAVEN:GHSA-8CRR-XF35-5F5P | Jenkins Job Import Plugin CSRF vulnerability | moderate |
2022-05-13T01:31:34
(2 years ago) |
|
Fixed | = 3.1 |
CVE-2019-1003017
|
MAVEN:GHSA-8CRR-XF35-5F5P | Jenkins Job Import Plugin CSRF vulnerability | moderate |
2022-05-13T01:31:34
(2 years ago) |