Maven package
org.jenkins-ci.plugins/deployer-framework
pkg:maven/org.jenkins-ci.plugins/deployer-framework
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-36891 | — | | | < 86.v7b_a_4a_55b_f3ec | 86.v7b_a_4a_55b_f3ec | Jul 27, 2022 | A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. |
| CVE-2022-36890 | — | | | < 86.v7b_a_4a_55b_f3ec | 86.v7b_a_4a_55b_f3ec | Jul 27, 2022 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file sy |
| CVE-2022-36889 | — | | | < 86.v7b_a_4a_55b_f3ec | 86.v7b_a_4a_55b_f3ec | Jul 27, 2022 | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the sele |
| CVE-2020-2227 | — | | | < 1.3 | 1.3 | Jul 15, 2020 | Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. |