VYPR

Maven package

org.jenkins-ci.plugins/convert-to-pipeline

pkg:maven/org.jenkins-ci.plugins/convert-to-pipeline

Vulnerabilities (2)

  • CVE-2023-28677Mar 23, 2023
    affected <= 1.0

    Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare

  • CVE-2023-28676Mar 23, 2023
    affected <= 1.0

    A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).