Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Crx Content Package Deployer
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34184 1 Jenkins 1 Crx Content Package Deployer 2024-11-21 3.5 LOW 5.4 MEDIUM
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2019-10439 1 Jenkins 1 Crx Content Package Deployer 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2019-10438 1 Jenkins 1 Crx Content Package Deployer 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-10437 1 Jenkins 1 Crx Content Package Deployer 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.