Maven package
org.jenkins-ci.plugins/lucene-search
pkg:maven/org.jenkins-ci.plugins/lucene-search
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-30529 | — | < 398.v3dfa_cb_223984 | 398.v3dfa_cb_223984 | Apr 12, 2023 | Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | ||
| CVE-2022-36922 | — | < 387.v938a | 387.v938a | Jul 27, 2022 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||
| CVE-2022-36910 | — | < 387.v938a | 387.v938a | Jul 27, 2022 | Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them. |
- CVE-2023-30529Apr 12, 2023affected < 398.v3dfa_cb_223984fixed 398.v3dfa_cb_223984
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.
- CVE-2022-36922Jul 27, 2022affected < 387.v938afixed 387.v938a
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability.
- CVE-2022-36910Jul 27, 2022affected < 387.v938afixed 387.v938a
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.