VYPR

Maven package

org.jenkins-ci.plugins/semantic-versioning-plugin

pkg:maven/org.jenkins-ci.plugins/semantic-versioning-plugin

Vulnerabilities (3)

  • CVE-2023-24430Jan 24, 2023
    affected < 1.15fixed 1.15

    Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

  • CVE-2023-24429Jan 24, 2023
    affected < 1.15fixed 1.15

    Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file

  • CVE-2022-27201Mar 15, 2022
    affected < 1.14fixed 1.14

    Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file