High severity · 8.8 · NVD Advisory · Published Dec 17, 2019 · Updated Jun 17, 2026
CVE-2019-16550
Description
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins.m2release:m2release (Maven) | < 0.16.2 | 0.16.2 |
Affected products (2)
- Range: unspecified
References (5)
- www.openwall.com/lists/oss-security/2019/12/17/1 · nvd · Mailing List, Third Party Advisory · WEB
- github.com/advisories/GHSA-g2x8-xw86-vpq3 · ghsa · ADVISORY
- jenkins.io/security/advisory/2019-12-17/ · nvd · Vendor Advisory · WEB
- nvd.nist.gov/vuln/detail/CVE-2019-16550 · ghsa · ADVISORY
- github.com/jenkinsci/m2release-plugin/commit/1e4d6fee2eab16e7a396b6d3d5f10a87e5c29cc2 · ghsa · WEB