Warnings Next Generation Plugin

CVEs (4)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2022-23107	Jenkins Project Warnings Next Generation Plugin	—	0.01	Jan 12, 2022	Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.
CVE-2021-21626	Jenkins Project Warnings Next Generation Plugin	—	0.00	Mar 18, 2021	Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file…
CVE-2019-1003008	Jenkins Project Warnings Next Generation Plugin	—	0.00	Feb 6, 2019	A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
CVE-2019-1003023	Jenkins Project Warnings Next Generation Plugin	—	0.00	Feb 6, 2019	A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,…

CVE-2022-23107Jan 12, 2022
Jenkins Project
Warnings Next Generation Plugin
risk 0.00cvss —epss 0.01
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.
CVE-2021-21626Mar 18, 2021
Jenkins Project
Warnings Next Generation Plugin
risk 0.00cvss —epss 0.00
Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file…
CVE-2019-1003008Feb 6, 2019
Jenkins Project
Warnings Next Generation Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint.
CVE-2019-1003023Feb 6, 2019
Jenkins Project
Warnings Next Generation Plugin
risk 0.00cvss —epss 0.00
A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java,…