Maven package
org.jenkins-ci.main/maven-plugin
pkg:maven/org.jenkins-ci.main/maven-plugin
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10358 | — | < 3.4 | 3.4 | Jul 31, 2019 | Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. | ||
| CVE-2017-1000397 | — | < 3.0 | 3.0 | Jan 26, 2018 | Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-ht |
- CVE-2019-10358Jul 31, 2019affected < 3.4fixed 3.4
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
- CVE-2017-1000397Jan 26, 2018affected < 3.0fixed 3.0
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-ht