Maven package
org.jenkins-ci.plugins/requests
pkg:maven/org.jenkins-ci.plugins/requests
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34782 | — | < 2.2.17 | 2.2.17 | Jun 30, 2022 | An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. | ||
| CVE-2021-21676 | — | < 2.2.8 | 2.2.8 | Jun 30, 2021 | Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address. | ||
| CVE-2021-21675 | — | < 2.2.13 | 2.2.13 | Jun 30, 2021 | A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. | ||
| CVE-2021-21674 | — | < 2.2.7 | 2.2.7 | Jun 30, 2021 | A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. |
- CVE-2022-34782Jun 30, 2022affected < 2.2.17fixed 2.2.17
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
- CVE-2021-21676Jun 30, 2021affected < 2.2.8fixed 2.2.8
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
- CVE-2021-21675Jun 30, 2021affected < 2.2.13fixed 2.2.13
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.
- CVE-2021-21674Jun 30, 2021affected < 2.2.7fixed 2.2.7
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.