Maven package
org.jenkins-ci.plugins/cloudbees-jenkins-advisor
pkg:maven/org.jenkins-ci.plugins/cloudbees-jenkins-advisor
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47885 | — | < 374.376.v3a_41a_a_142efe | 374.376.v3a_41a_a_142efe | May 14, 2025 | Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server respon | ||
| CVE-2020-2258 | — | < 3.2.1 | 3.2.1 | Sep 16, 2020 | Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | ||
| CVE-2020-2094 | — | < 3.0.1 | 3.0.1 | Jan 15, 2020 | A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | ||
| CVE-2020-2093 | — | < 3.0.1 | 3.0.1 | Jan 15, 2020 | A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. |
- CVE-2025-47885May 14, 2025affected < 374.376.v3a_41a_a_142efefixed 374.376.v3a_41a_a_142efe
Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server respon
- CVE-2020-2258Sep 16, 2020affected < 3.2.1fixed 3.2.1
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.
- CVE-2020-2094Jan 15, 2020affected < 3.0.1fixed 3.0.1
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.
- CVE-2020-2093Jan 15, 2020affected < 3.0.1fixed 3.0.1
A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.