Maven package
org.jenkins-ci.plugins/jenkins-reviewbot
pkg:maven/org.jenkins-ci.plugins/jenkins-reviewbot
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10279 | — | <= 2.4.6 | — | Apr 4, 2019 | A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||
| CVE-2019-10278 | — | <= 2.4.6 | — | Apr 4, 2019 | A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
- CVE-2019-10279Apr 4, 2019affected <= 2.4.6
A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
- CVE-2019-10278Apr 4, 2019affected <= 2.4.6
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.