Maven Release Plugin
Source repositories
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34781 | 0.00 | — | 0.00 | Jun 30, 2022 | Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored… | |||
| CVE-2022-34780 | 0.00 | — | 0.00 | Jun 30, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in… | |||
| CVE-2022-34779 | 0.00 | — | 0.00 | Jun 30, 2022 | A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||
| CVE-2022-27215 | 0.00 | — | 0.00 | Mar 15, 2022 | A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||
| CVE-2022-27214 | 0.00 | — | 0.00 | Mar 15, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||
| CVE-2020-2295 | 0.00 | — | 0.00 | Oct 8, 2020 | A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin. | |||
| CVE-2020-2294 | 0.00 | — | 0.00 | Oct 8, 2020 | Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin. | |||
| CVE-2020-2292 | 0.00 | — | 0.00 | Oct 8, 2020 | Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | |||
| CVE-2020-2270 | 0.00 | — | 0.00 | Sep 16, 2020 | Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||
| CVE-2019-16550 | 0.00 | — | 0.00 | Dec 17, 2019 | A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. | |||
| CVE-2019-16549 | 0.00 | — | 0.00 | Dec 17, 2019 | Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. | |||
| CVE-2019-10359 | 0.00 | — | 0.00 | Jul 31, 2019 | A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | |||
| CVE-2019-10361 | 0.00 | — | 0.00 | Jul 31, 2019 | Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | |||
| CVE-2019-10360 | 0.00 | — | 0.00 | Jul 31, 2019 | A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. |
- CVE-2022-34781Jun 30, 2022risk 0.00cvss —epss 0.00
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored…
- CVE-2022-34780Jun 30, 2022risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in…
- CVE-2022-34779Jun 30, 2022risk 0.00cvss —epss 0.00
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2022-27215Mar 15, 2022risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
- CVE-2022-27214Mar 15, 2022risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
- CVE-2020-2295Oct 8, 2020risk 0.00cvss —epss 0.00
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
- CVE-2020-2294Oct 8, 2020risk 0.00cvss —epss 0.00
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
- CVE-2020-2292Oct 8, 2020risk 0.00cvss —epss 0.00
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.
- CVE-2020-2270Sep 16, 2020risk 0.00cvss —epss 0.00
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
- CVE-2019-16550Dec 17, 2019risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
- CVE-2019-16549Dec 17, 2019risk 0.00cvss —epss 0.00
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
- CVE-2019-10359Jul 31, 2019risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
- CVE-2019-10361Jul 31, 2019risk 0.00cvss —epss 0.00
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
- CVE-2019-10360Jul 31, 2019risk 0.00cvss —epss 0.00
A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.