Maven package
org.jenkins-ci.plugins/semantic-versioning-plugin
pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-24430 | — | | | < 1.15 | 1.15 | Jan 24, 2023 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2023-24429 | — | | | < 1.15 | 1.15 | Jan 24, 2023 | Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file |
| CVE-2022-27201 | — | | | < 1.14 | 1.14 | Mar 15, 2022 | Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file |