
36 matches found

RedhatCVE
added 2026/01/07 9:32 a.m., 9 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...

8.8 CVSS, 6.7 AI score, 0.0064 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:32 a.m., 9 views

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...

8.1 CVSS, 6.7 AI score, 0.00969 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-2966

Malicious code in bioql PyPI...

5.4 CVSS, 5.7 AI score, 0.00688 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-3866

Malicious code in bioql PyPI...

8.8 CVSS, 8.5 AI score, 0.0064 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-3031

Malicious code in bioql PyPI...

8.1 CVSS, 8 AI score, 0.00969 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 22 views

EUVD-2022-5446

Malicious code in bioql PyPI...

5.5 CVSS, 5.6 AI score, 0.00471 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-5090

Malicious code in bioql PyPI...

6.8 CVSS, 6.6 AI score, 0.00607 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 7:46 a.m., 10 views

CVE-2019-10359

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options...

6.8 CVSS, 6.7 AI score, 0.00607 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:51 a.m., 11 views

CVE-2019-10361

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system...

5.5 CVSS, 6.5 AI score, 0.00471 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 4:14 a.m., 8 views

CVE-2019-10360

A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

5.4 CVSS, 5.7 AI score, 0.00688 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2022/05/24 5:3 p.m., 17 views

Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...

8.8 CVSS, 6.9 AI score, 0.0064 EPSS
Exploits: 0, References: 5, Affected Software: 1
CNVD
added 2019/12/18 12:0 a.m., 5 views

CloudBees Jenkins Maven Release Plugin Code Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Maven Release Plugin is used in one of the...

8.1 CVSS, 7 AI score, 0.00969 EPSS
Exploits: 0, References: 1
NVD
added 2019/12/17 3:15 p.m., 32 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...

8.8 CVSS, 8.6 AI score, 0.0064 EPSS
Exploits: 0, References: 2
NVD
added 2019/12/17 3:15 p.m., 20 views

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...

8.1 CVSS, 8 AI score, 0.00969 EPSS
Exploits: 0, References: 2
OSV
added 2019/12/17 3:15 p.m., 3 views

CVE-2019-16549

Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents...

8.1 CVSS, 7.1 AI score, 0.00969 EPSS
Exploits: 0, References: 2
CVE
added 2019/12/17 2:40 p.m., 46 views

CVE-2019-16550

Summary: CVE-2019-16550 is a CSRF flaw in the Jenkins Maven Release Plugin (versions 0.16.1 and earlier) that allows an attacker to cause Jenkins to connect to a user-specified web server and parse XML documents. Affected: Jenkins Maven Release Plugin ≤ 0.16.1. Root cause / impact: cross-site req...

8.8 CVSS, 8.6 AI score, 0.0064 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2019/12/17 2:40 p.m., 57 views

CVE-2019-16549

Vulnerability: Jenkins Maven Release Plugin (versions 0.16.1 and earlier) suffers an XXE flaw because the XML parser isn’t configured to neutralize external entities. Impact (as described): MITM attackers could force Jenkins to parse crafted XML, enabling potential extraction of secrets, server-s...

8.1 CVSS, 7.9 AI score, 0.00969 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/12/17 2:40 p.m., 33 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...

8.7 AI score, 0.0064 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2019/12/17 12:0 a.m., 8 views

PT-2019-14705 · Jenkins · Jenkins Maven Release Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Maven Release Plugin versions 0.16.1 and earlier Description: A cross-site request forgery issue exists in the connection test form method, allowing attackers to have the system connect to a specified web server and parse XML document...

8.8 CVSS, 8.5 AI score, 0.0064 EPSS
Exploits: 0, References: 6
Zero Day Initiative
added 2019/09/17 12:0 a.m., 35 views

Jenkins Maven Release Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins Maven Release. Authentication is required to exploit this vulnerability. The specific flaw exists within the Maven Release plugin. The issue results from storing credentials in...

3.3 CVSS, 1.7 AI score, 0.00471 EPSS
Exploits: 0, References: 1