CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41934
https://notcve.org/view.php?id=CVE-2023-41934
Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked. El complemento Jenkins Pipeline Maven Integration 1330.v18e473854496 y versiones anteriores no enmascaran correctamente (es decir, reemplazan con asteriscos) los nombres de usuario de las credenciales especificadas en la configuración personalizada de Maven en los registros de build del Pipeline si está marcada la opción "Tratar nombre de usuario como secreto". • http://www.openwall.com/lists/oss-security/2023/09/06/9 https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3257 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40347
https://notcve.org/view.php?id=CVE-2023-40347
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3153 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35144
https://notcve.org/view.php?id=CVE-2023-35144
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability. • http://www.openwall.com/lists/oss-security/2023/06/14/5 https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35143
https://notcve.org/view.php?id=CVE-2023-35143
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`. • http://www.openwall.com/lists/oss-security/2023/06/14/5 https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3156 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36905
https://notcve.org/view.php?id=CVE-2022-36905
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 y anteriores, no lleva a cabo la comprobación de la URL para la URL de la base del repositorio de los parámetros de la lista de versiones de artefactos de maven, lo que resulta en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado que puede ser explotada por atacantes con permiso de Item/Configure • http://www.openwall.com/lists/oss-security/2022/07/27/1 https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •