20 matches found
EUVD-2022-2736
Malicious code in bioql PyPI...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...
GHSA-HQ2H-9MC3-H6W2 Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Pipeline Maven Integration Plugin 3.9.3 escap...
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allows capturing credentials
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another...
GHSA-32XP-M6VG-GWPJ Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2020-2235
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
CVE-2020-2234
CVE-2020-2234 affects Jenkins Pipeline Maven Integration Plugin
CVE-2020-2233
CVE-2020-2233 affects Jenkins Pipeline Maven Integration Plugin up to version 3.8.2, where an HTTP endpoint lacks a permission check. This enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins (information disclosure). The vulnerability is addressed in 3.8.3 and la...
CVE-2020-2234
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkin...
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CloudBees Jenkins Maven Integration Plugin Input Validation Error Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Maven Integration Plugin is used in one...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
CVE-2019-10358
CVE-2019-10358 affects the Jenkins Maven Integration Plugin (versions ≤ 3.3). The root cause is that build log decorators were not applied to module builds, which could cause sensitive build variables to be exposed in logs. The available connected documents consistently describe this as a disclos...
CVE-2019-10327
CVE-2019-10327 affects Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier. The vulnerability is an XML External Entity (XXE) flaw in which a malicious XML file, processed via a Maven build that uses a temporary directory on the agent, can cause extraction of secrets from the Jen...
CVE-2019-10327
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...