Maven package
org.jenkins-ci.plugins/recipe
pkg:maven/org.jenkins-ci.plugins/recipe
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34794 | — | <= 1.2 | — | Jun 30, 2022 | Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. | ||
| CVE-2022-34793 | — | <= 1.2 | — | Jun 30, 2022 | Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||
| CVE-2022-34792 | — | <= 1.2 | — | Jun 30, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. |
- CVE-2022-34794Jun 30, 2022affected <= 1.2
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
- CVE-2022-34793Jun 30, 2022affected <= 1.2
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- CVE-2022-34792Jun 30, 2022affected <= 1.2
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.