Maven package
org.jenkins-ci/update-center2
pkg:maven/org.jenkins-ci/update-center2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-27905 | — | >= 3.13, < 3.15 | 3.15 | Mar 8, 2023 | Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | ||
| CVE-2022-45397 | — | <= 1.0.2 | — | Nov 15, 2022 | Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
- CVE-2023-27905Mar 8, 2023affected >= 3.13, < 3.15fixed 3.15
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
- CVE-2022-45397Nov 15, 2022affected <= 1.0.2
Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.