VYPR

Jenkins Mattermost Notification Plugin

by Jenkins Project

CVEs (9)

  • CVE-2022-34205 | Medium | Jun 23, 2022
    risk 0.42 | cvss 6.5 | epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL.

  • CVE-2019-1003043 | High | Mar 28, 2019
    risk 0.42 | cvss 7.5 | epss 0.01

    A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in…

  • CVE-2019-1003044 | High | Mar 28, 2019
    risk 0.39 | cvss 7.1 | epss 0.01

    A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

  • CVE-2019-10459 | Medium | Oct 23, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the…

  • CVE-2022-34801 | Medium | Jun 30, 2022
    risk 0.28 | cvss 4.3 | epss 0.00

    Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2022-34800 | Medium | Jun 30, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

  • CVE-2022-34206 | Medium | Jun 23, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.

  • CVE-2019-1003026 | Medium | Feb 20, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a…

  • CVE-2020-2297 | Low | Oct 8, 2020
    risk 0.21 | cvss 3.3 | epss 0.00

    Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.