Maven package
com.groupon.jenkins-ci.plugins/DotCi
pkg:maven/com.groupon.jenkins-ci.plugins/DotCi
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41239 | — | — | — | <= 2.40.00 | — | Sep 21, 2022 | Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2022-41238 | — | — | — | <= 2.40.00 | — | Sep 21, 2022 | A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits. |
| CVE-2022-41237 | — | — | — | <= 2.40.00 | — | Sep 21, 2022 | Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |