VYPR

Maven package

org.jenkins-ci.plugins/ontrack

pkg:maven/org.jenkins-ci.plugins/ontrack

Vulnerabilities (2)

  • CVE-2022-34192Jun 22, 2022
    affected <= 4.0.0

    Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploita

  • CVE-2019-10306Apr 18, 2019
    affected < 3.4.1fixed 3.4.1

    A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM.