Maven package
org.jenkins-ci.plugins/database
pkg:maven/org.jenkins-ci.plugins/database
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-2242 | Med | 6.5 | < 1.7 | 1.7 | Sep 1, 2020 | A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | |
| CVE-2020-2241 | Hig | 8.8 | < 1.7 | 1.7 | Sep 1, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | |
| CVE-2020-2240 | Hig | 8.8 | < 1.7 | 1.7 | Sep 1, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. |
- affected < 1.7fixed 1.7
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.
- affected < 1.7fixed 1.7
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.
- affected < 1.7fixed 1.7
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.