Maven package

org.jenkins-ci.plugins/violations

pkg:maven/org.jenkins-ci.plugins/violations

Vulnerabilities (2)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-45386		—		<= 0.7.11	—	Nov 15, 2022	Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2012-4440		—		< 0.7.11	0.7.11	Nov 18, 2019	Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.

CVE-2022-45386Nov 15, 2022
affected <= 0.7.11
Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2012-4440Nov 18, 2019
affected < 0.7.11fixed 0.7.11
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.