Maven package
org.jenkins-ci.plugins/matrix-project
pkg:maven/org.jenkins-ci.plugins/matrix-project
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23900 | — | | | < 822.824.v14451b | 822.824.v14451b | Jan 24, 2024 | Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content n |
| CVE-2022-20615 | — | | | >= 1.19, < 1.20 | 1.20 | Jan 12, 2022 | Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. |
| CVE-2020-2225 | — | | | < 1.17 | 1.17 | Jul 15, 2020 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2224 | — | | | < 1.17 | 1.17 | Jul 15, 2020 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. |
| CVE-2019-1003031 | — | | | < 1.14 | 1.14 | Mar 8, 2019 | A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. |