[MAVEN:GHSA-FJH2-QHFH-RVFC] Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

ID
MAVEN:GHSA-FJH2-QHFH-RVFC
Severity
moderate
URL
https://github.com/advisories/GHSA-fjh2-qhfh-rvfc
Published
2022-05-13T01:50:55
Modified
2024-01-09T20:53:32
Rights
Maven Security Team
Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/org.jenkins-ci.plugins/maven-artifact-choicelistprovider | org.jenkins-ci.plugins | maven-artifact-choicelistprovider | <= 1.3.1 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/maven-artifact-choicelistprovider | org.jenkins-ci.plugins | maven-artifact-choicelistprovider | = 1.3.2 | | | |