Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Maven
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16550 1 Jenkins 1 Maven 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
CVE-2019-16549 1 Jenkins 1 Maven 2024-11-21 6.8 MEDIUM 8.1 HIGH
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
CVE-2019-10358 1 Jenkins 1 Maven 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
CVE-2017-1000397 1 Jenkins 1 Maven 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient.