VYPR

Maven package

javagh.jenkins/mashup-portlets-plugin

pkg:maven/javagh.jenkins/mashup-portlets-plugin

Vulnerabilities (2)

  • CVE-2023-28679Mar 23, 2023
    affected <= 1.1.2

    Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/

  • CVE-2019-10347Jul 11, 2019
    affected < 1.1.0fixed 1.1.0

    Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.