Maven package
javagh.jenkins/mashup-portlets-plugin
pkg:maven/javagh.jenkins/mashup-portlets-plugin
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28679 | — | <= 1.1.2 | — | Mar 23, 2023 | Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/ | ||
| CVE-2019-10347 | — | < 1.1.0 | 1.1.0 | Jul 11, 2019 | Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. |
- CVE-2023-28679Mar 23, 2023affected <= 1.1.2
Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/
- CVE-2019-10347Jul 11, 2019affected < 1.1.0fixed 1.1.0
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.