VYPR

Job Import Plugin

by Jenkins Project

Source repositories

CVEs (5)

  • CVE-2019-1003015CriFeb 6, 2019
    risk 0.59cvss 9.1epss 0.02

    An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/client/RestApiClient.java that allows attackers with the ability to control the HTTP server (Jenkins) queried in preparation of…

  • CVE-2019-1003016HigFeb 6, 2019
    risk 0.57cvss 8.8epss 0.01

    An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java,…

  • CVE-2026-48926MedMay 27, 2026
    risk 0.28cvss 4.3epss 0.00

    Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

  • CVE-2019-1003017MedFeb 6, 2019
    risk 0.27cvss 5.3epss 0.01

    A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's…

  • CVE-2022-43413MedOct 19, 2022
    risk 0.21cvss 4.3epss 0.01

    Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.