Maven package
org.jenkins-ci.plugins/pipeline-build-step
pkg:maven/org.jenkins-ci.plugins/pipeline-build-step
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-25762 | — | | | < 2.18.1 | 2.18.1 | Feb 15, 2023 | Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control job names. |
| CVE-2022-25184 | — | | | < 2.15.1 | 2.15.1 | Feb 15, 2022 | Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs. |
| CVE-2020-2118 | — | | | < 1.0.5 | 1.0.5 | Feb 12, 2020 | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2017-1000089 | Med | 5.3 | | < 2.5.1 | 2.5.1 | Oct 5, 2017 | Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project i |