Maven package
org.jenkins-ci.plugins/openshift-deployer
pkg:maven/org.jenkins-ci.plugins/openshift-deployer
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-36909 | — | <= 1.2.0 | — | Jul 27, 2022 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins contro | ||
| CVE-2022-36908 | — | <= 1.2.0 | — | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller f | ||
| CVE-2022-36907 | — | <= 1.2.0 | — | Jul 27, 2022 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||
| CVE-2022-36906 | — | <= 1.2.0 | — | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | ||
| CVE-2020-2155 | — | <= 1.2.0 | — | Mar 9, 2020 | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||
| CVE-2019-1003081 | — | <= 1.2.0 | — | Apr 4, 2019 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||
| CVE-2019-1003080 | — | <= 1.2.0 | — | Apr 4, 2019 | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. |
- CVE-2022-36909Jul 27, 2022affected <= 1.2.0
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins contro
- CVE-2022-36908Jul 27, 2022affected <= 1.2.0
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller f
- CVE-2022-36907Jul 27, 2022affected <= 1.2.0
A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.
- CVE-2022-36906Jul 27, 2022affected <= 1.2.0
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
- CVE-2020-2155Mar 9, 2020affected <= 1.2.0
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
- CVE-2019-1003081Apr 4, 2019affected <= 1.2.0
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
- CVE-2019-1003080Apr 4, 2019affected <= 1.2.0
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.