Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:10 p.m.9 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS6.4AI score0.00836EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.9 views

CVE-2020-2235

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

6.5CVSS6.6AI score0.00859EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/09/06 12:8 p.m.17 views

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

6.7AI score0.00544EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.7 views

Jenkins Plugin Pipeline Maven Integration Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.7AI score0.00544EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:28 p.m.30 views

Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name

Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Pipeline Maven Integration Plugin 3.9.3 escap...

5.4CVSS5AI score0.00735EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:28 p.m.23 views

GHSA-HQ2H-9MC3-H6W2 Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name

Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission. Pipeline Maven Integration Plugin 3.9.3 escap...

8CVSS5.2AI score0.00735EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:25 p.m.22 views

GHSA-C2HG-2JJ6-H8VH CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials

Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another...

7.1CVSS6.4AI score0.00859EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:25 p.m.24 views

CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials

Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another...

6.5CVSS6.1AI score0.00859EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:25 p.m.24 views

Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs

Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...

6.5CVSS6AI score0.00836EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:25 p.m.20 views

GHSA-32XP-M6VG-GWPJ Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs

Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...

4.3CVSS6.2AI score0.00836EPSS
Exploits0References4
CNVD
CNVD
added 2020/09/17 12:0 a.m.4 views

CloudBees Jenkins Pipeline Maven Integration Cross Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

5.4CVSS6.5AI score0.00735EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/16 1:20 p.m.27 views

CVE-2020-2256

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.3AI score0.00735EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/14 12:0 a.m.3 views

CloudBees Jenkins Pipeline Maven Integration Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . Pipeline Maven Integration Plugin is used ...

6.5CVSS6.8AI score0.00859EPSS
Exploits0References1
NVD
NVD
added 2020/08/12 2:15 p.m.21 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS6.3AI score0.00836EPSS
Exploits0References2
Prion
Prion
added 2020/08/12 2:15 p.m.24 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

4.3CVSS6.4AI score0.00859EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/12 1:25 p.m.68 views

CVE-2020-2233

CVE-2020-2233 affects Jenkins Pipeline Maven Integration Plugin up to version 3.8.2, where an HTTP endpoint lacks a permission check. This enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins (information disclosure). The vulnerability is addressed in 3.8.3 and la...

6.5CVSS6.3AI score0.00836EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/12 1:25 p.m.65 views

CVE-2020-2234

CVE-2020-2234 affects Jenkins Pipeline Maven Integration Plugin

6.5CVSS6.3AI score0.01056EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/08/12 1:25 p.m.28 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS4.2AI score0.00836EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/08/12 1:25 p.m.35 views

CVE-2020-2234

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...

6.5CVSS4.2AI score0.01056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/08/12 12:0 a.m.5 views

PT-2020-15456 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 3.8.2 and earlier Description: A cross-site request forgery CSRF vulnerability exists, allowing attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs...

6.5CVSS6.4AI score0.00859EPSS
Exploits0References7
Rows per page
Query Builder