Maven package
io.jenkins.plugins/perfecto
pkg:maven/io.jenkins.plugins/perfecto
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2261 | — | < 1.18 | 1.18 | Sep 16, 2020 | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | ||
| CVE-2020-2260 | — | < 1.18 | 1.18 | Sep 16, 2020 | A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
- CVE-2020-2261Sep 16, 2020affected < 1.18fixed 1.18
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
- CVE-2020-2260Sep 16, 2020affected < 1.18fixed 1.18
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.