Maven package
io.jenkins.blueocean/blueocean-parent
pkg:maven/io.jenkins.blueocean/blueocean-parent
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30954 | — | < 1.25.4 | 1.25.4 | May 17, 2022 | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | ||
| CVE-2022-30953 | — | < 1.25.4 | 1.25.4 | May 17, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. |
- CVE-2022-30954May 17, 2022affected < 1.25.4fixed 1.25.4
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
- CVE-2022-30953May 17, 2022affected < 1.25.4fixed 1.25.4
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.