VYPR

Maven package

org.jenkins-ci.plugins/support-core

pkg:maven/org.jenkins-ci.plugins/support-core

Vulnerabilities (5)

  • CVE-2022-45383Nov 15, 2022
    affected < 1206.1208.v9b_7a_1d48db_0ffixed 1206.1208.v9b_7a_1d48db_0f

    An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

  • CVE-2022-25187Feb 15, 2022
    affected < 2.79.1fixed 2.79.1

    Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

  • CVE-2021-21621Feb 24, 2021
    affected < 2.72.1fixed 2.72.1

    Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

  • CVE-2019-16540Nov 21, 2019
    affected < 2.64fixed 2.64

    A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.

  • CVE-2019-16539Nov 21, 2019
    affected < 2.64fixed 2.64

    A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.