Maven package
com.synopsys.jenkinsci/ownership
pkg:maven/com.synopsys.jenkinsci/ownership
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28152 | — | <= 0.13.0 | — | Mar 29, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job. | ||
| CVE-2022-28151 | — | <= 0.13.0 | — | Mar 29, 2022 | A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job. | ||
| CVE-2022-28150 | — | <= 0.13.0 | — | Mar 29, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job. | ||
| CVE-2022-28149 | — | <= 0.13.0 | — | Mar 29, 2022 | Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||
| CVE-2018-1000107 | — | < 0.12.0 | 0.12.0 | Mar 13, 2018 | An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Own |
- CVE-2022-28152Mar 29, 2022affected <= 0.13.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to restore the default ownership of a job.
- CVE-2022-28151Mar 29, 2022affected <= 0.13.0
A missing permission check in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers with Item/Read permission to change the owners and item-specific permissions of a job.
- CVE-2022-28150Mar 29, 2022affected <= 0.13.0
A cross-site request forgery (CSRF) vulnerability in Jenkins Job and Node ownership Plugin 0.13.0 and earlier allows attackers to change the owners and item-specific permissions of a job.
- CVE-2022-28149Mar 29, 2022affected <= 0.13.0
Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not escape the names of the secondary owners, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
- CVE-2018-1000107Mar 13, 2018affected < 0.12.0fixed 0.12.0
An improper authorization vulnerability exists in Jenkins Job and Node Ownership Plugin 0.11.0 and earlier in OwnershipDescription.java, JobOwnerJobProperty.java, and OwnerNodeProperty.java that allow an attacker with Job/Configure or Computer/Configure permission and without Own