Maven package
org.jenkins-ci.plugins/crowd2
pkg:maven/org.jenkins-ci.plugins/crowd2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000423 | — | < 2.0.1 | 2.0.1 | Jan 9, 2019 | An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2 | ||
| CVE-2018-1000422 | — | < 2.0.1 | 2.0.1 | Jan 9, 2019 | An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and co |
- CVE-2018-1000423Jan 9, 2019affected < 2.0.1fixed 2.0.1
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2
- CVE-2018-1000422Jan 9, 2019affected < 2.0.1fixed 2.0.1
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and co