Maven package
org.jvnet.hudson.plugins/favorite
pkg:maven/org.jvnet.hudson.plugins/favorite
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27196 | — | < 2.4.1 | 2.4.1 | Mar 15, 2022 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | ||
| CVE-2017-1000244 | Hig | 8.8 | < 2.3.2 | 2.3.2 | Nov 1, 2017 | Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification | |
| CVE-2017-1000243 | Med | 4.3 | < 2.3.0 | 2.3.0 | Nov 1, 2017 | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites |
- CVE-2022-27196Mar 15, 2022affected < 2.4.1fixed 2.4.1
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
- affected < 2.3.2fixed 2.3.2
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
- affected < 2.3.0fixed 2.3.0
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites