Maven package

org.jenkins-ci.plugins/p4

pkg:maven/org.jenkins-ci.plugins/p4

Vulnerabilities (4)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-21655	—	< 1.11.5	1.11.5	May 11, 2021	A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21654	—	< 1.11.5	1.11.5	May 11, 2021	Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2020-2142	—	< 1.10.11	1.10.11	Mar 9, 2020	A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.
CVE-2020-2141	—	< 1.10.11	1.10.11	Mar 9, 2020	A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce.

CVE-2021-21655May 11, 2021
affected < 1.11.5fixed 1.11.5
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21654May 11, 2021
affected < 1.11.5fixed 1.11.5
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2020-2142Mar 9, 2020
affected < 1.10.11fixed 1.10.11
A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.
CVE-2020-2141Mar 9, 2020
affected < 1.10.11fixed 1.10.11
A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce.