Maven package
org.jenkins-ci.plugins/sonargraph-integration
pkg:maven/org.jenkins-ci.plugins/sonargraph-integration
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-35145 | — | | | <= 5.0.1 | — | Jun 14, 2023 | Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2020-2201 | — | | | < 3.0.1 | 3.0.1 | Jul 2, 2020 | Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. |