Maven package
org.jvnet.hudson.plugins/ftppublisher
pkg:maven/org.jvnet.hudson.plugins/ftppublisher
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-1003059 | — | <= 1.2 | — | Apr 4, 2019 | A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||
| CVE-2019-1003058 | — | <= 1.2 | — | Apr 4, 2019 | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | ||
| CVE-2019-1003055 | — | <= 1.2 | — | Apr 4, 2019 | Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
- CVE-2019-1003059Apr 4, 2019affected <= 1.2
A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
- CVE-2019-1003058Apr 4, 2019affected <= 1.2
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.
- CVE-2019-1003055Apr 4, 2019affected <= 1.2
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.