pkg:maven/org.jenkins-ci.plugins/pipeline-githubnotify-step
Type
maven
Namespace
org.jenkins-ci.plugins
Name
pipeline-githubnotify-step
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/pipeline-githubnotify-step package.
High
3
Medium
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 1.0.4 |
CVE-2020-2116
CVE-2020-2117 |
JENKINS:SECURITY-812-1 | CSRF vulnerability and missing permission checks in `pipeline-githubnotify-step` allows capturing credentials | high |
2020-02-12T00:00:00
(4 years ago) |
|
Fixed | = 1.0.5 |
CVE-2020-2116
CVE-2020-2117 |
JENKINS:SECURITY-812-1 | CSRF vulnerability and missing permission checks in `pipeline-githubnotify-step` allows capturing credentials | high |
2020-02-12T00:00:00
(4 years ago) |
|
Affected | <= 1.0.4 |
CVE-2020-2118
|
JENKINS:SECURITY-812-2 | Users with Overall/Read access can enumerate credential IDs in `pipeline-githubnotify-step` | medium |
2020-02-12T00:00:00
(4 years ago) |
|
Fixed | = 1.0.5 |
CVE-2020-2118
|
JENKINS:SECURITY-812-2 | Users with Overall/Read access can enumerate credential IDs in `pipeline-githubnotify-step` | medium |
2020-02-12T00:00:00
(4 years ago) |
|
Affected | < 1.0.5 |
CVE-2020-2116
|
MAVEN:GHSA-QHXF-M7JM-JC57 | CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials | high |
2022-05-24T17:08:46
(2 years ago) |
|
Fixed | = 1.0.5 |
CVE-2020-2116
|
MAVEN:GHSA-QHXF-M7JM-JC57 | CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials | high |
2022-05-24T17:08:46
(2 years ago) |
|
Affected | < 1.0.5 |
CVE-2020-2117
|
MAVEN:GHSA-X7RC-5MJG-5PVR | Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials | high |
2022-05-24T17:08:46
(2 years ago) |
|
Fixed | = 1.0.5 |
CVE-2020-2117
|
MAVEN:GHSA-X7RC-5MJG-5PVR | Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials | high |
2022-05-24T17:08:46
(2 years ago) |