pkg:maven/org.jenkins-ci.plugins/pipeline-maven
Type
maven
Namespace
org.jenkins-ci.plugins
Name
pipeline-maven
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/pipeline-maven package.
High
7
Moderate
2
Medium
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 3.7.0 |
CVE-2019-10327
|
JENKINS:SECURITY-1409 | XML External Entity processing vulnerability in `pipeline-maven` | high |
2019-05-31T00:00:00
(5 years ago) |
|
Fixed | = 3.7.1 |
CVE-2019-10327
|
JENKINS:SECURITY-1409 | XML External Entity processing vulnerability in `pipeline-maven` | high |
2019-05-31T00:00:00
(5 years ago) |
|
Affected | <= 3.8.2 |
CVE-2020-2233
|
JENKINS:SECURITY-1794-1 | Missing permission check in `pipeline-maven` allows enumerating credentials IDs | medium |
2020-08-12T00:00:00
(4 years ago) |
|
Fixed | = 3.8.3 |
CVE-2020-2233
|
JENKINS:SECURITY-1794-1 | Missing permission check in `pipeline-maven` allows enumerating credentials IDs | medium |
2020-08-12T00:00:00
(4 years ago) |
|
Affected | <= 3.8.2 |
CVE-2020-2234
CVE-2020-2235 |
JENKINS:SECURITY-1794-2 | CSRF vulnerability and missing permission check in `pipeline-maven` allow capturing credentials | high |
2020-08-12T00:00:00
(4 years ago) |
|
Fixed | = 3.8.3 |
CVE-2020-2234
CVE-2020-2235 |
JENKINS:SECURITY-1794-2 | CSRF vulnerability and missing permission check in `pipeline-maven` allow capturing credentials | high |
2020-08-12T00:00:00
(4 years ago) |
|
Affected | <= 3.9.2 |
CVE-2020-2256
|
JENKINS:SECURITY-1976 | Stored XSS vulnerability in upstream cause in `pipeline-maven` | high |
2020-09-16T00:00:00
(4 years ago) |
|
Fixed | = 3.9.3 |
CVE-2020-2256
|
JENKINS:SECURITY-1976 | Stored XSS vulnerability in upstream cause in `pipeline-maven` | high |
2020-09-16T00:00:00
(4 years ago) |
|
Affected | <= 1330.v18e473854496 |
CVE-2023-41934
|
JENKINS:SECURITY-3257 | Improper masking of credentials in `pipeline-maven` | medium |
2023-09-06T00:00:00
(12 months ago) |
|
Fixed | = 1331.v003efa_fd6e81 |
CVE-2023-41934
|
JENKINS:SECURITY-3257 | Improper masking of credentials in `pipeline-maven` | medium |
2023-09-06T00:00:00
(12 months ago) |
|
Affected | < 3.8.3 |
CVE-2020-2233
|
MAVEN:GHSA-32XP-M6VG-GWPJ | Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs | moderate |
2022-05-24T17:25:24
(2 years ago) |
|
Fixed | = 3.8.3 |
CVE-2020-2233
|
MAVEN:GHSA-32XP-M6VG-GWPJ | Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs | moderate |
2022-05-24T17:25:24
(2 years ago) |
|
Affected | < 3.7.1 |
CVE-2019-10327
|
MAVEN:GHSA-6755-JGP4-8Q7H | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | high |
2022-05-24T22:00:03
(2 years ago) |
|
Fixed | = 3.7.1 |
CVE-2019-10327
|
MAVEN:GHSA-6755-JGP4-8Q7H | XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin | high |
2022-05-24T22:00:03
(2 years ago) |
|
Affected | <= 1330.v18e473854496 |
CVE-2023-41934
|
MAVEN:GHSA-9V8G-F9MQ-739G | Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin | moderate |
2023-09-06T15:30:26
(12 months ago) |
|
Fixed | = 1331.v003efa_fd6e81 |
CVE-2023-41934
|
MAVEN:GHSA-9V8G-F9MQ-739G | Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin | moderate |
2023-09-06T15:30:26
(12 months ago) |
|
Affected | < 3.8.3 |
CVE-2020-2235
|
MAVEN:GHSA-C2HG-2JJ6-H8VH | CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials | high |
2022-05-24T17:25:25
(2 years ago) |
|
Fixed | = 3.8.3 |
CVE-2020-2235
|
MAVEN:GHSA-C2HG-2JJ6-H8VH | CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials | high |
2022-05-24T17:25:25
(2 years ago) |
|
Affected | <= 3.9.2 |
CVE-2020-2256
|
MAVEN:GHSA-HQ2H-9MC3-H6W2 | Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name | high |
2022-05-24T17:28:25
(2 years ago) |
|
Fixed | = 3.9.3 |
CVE-2020-2256
|
MAVEN:GHSA-HQ2H-9MC3-H6W2 | Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name | high |
2022-05-24T17:28:25
(2 years ago) |
|
Affected | < 3.8.3 |
CVE-2020-2234
|
MAVEN:GHSA-MRR8-FCG7-P2WG | Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials | high |
2022-05-24T17:25:24
(2 years ago) |
|
Fixed | = 3.8.3 |
CVE-2020-2234
|
MAVEN:GHSA-MRR8-FCG7-P2WG | Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials | high |
2022-05-24T17:25:24
(2 years ago) |