Maven package
org.jenkins-ci.plugins.workflow/workflow-support
pkg:maven/org.jenkins-ci.plugins.workflow/workflow-support
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-43409 | — | < 839.v35e2736cfd5c | 839.v35e2736cfd5c | Oct 19, 2022 | Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines. | ||
| CVE-2018-1000058 | — | < 2.18 | 2.18 | Feb 9, 2018 | Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore ex |
- CVE-2022-43409Oct 19, 2022affected < 839.v35e2736cfd5cfixed 839.v35e2736cfd5c
Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Pipelines.
- CVE-2018-1000058Feb 9, 2018affected < 2.18fixed 2.18
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore ex