CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41934
https://notcve.org/view.php?id=CVE-2023-41934
06 Sep 2023 — Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked. El complemento Jenkins Pipeline Maven Integration 1330.v18e473854496 y versiones anteriores no enmascaran correctamente (es decir, reemplazan con asteriscos) los nombres de usuario de las credenciales especificadas en la configuración personalizada de Maven en... • http://www.openwall.com/lists/oss-security/2023/09/06/9 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40347
https://notcve.org/view.php?id=CVE-2023-40347
16 Aug 2023 — Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 0CVE-2023-35144
https://notcve.org/view.php?id=CVE-2023-35144
14 Jun 2023 — Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability. • http://www.openwall.com/lists/oss-security/2023/06/14/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 0CVE-2023-35143
https://notcve.org/view.php?id=CVE-2023-35143
14 Jun 2023 — Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`. • http://www.openwall.com/lists/oss-security/2023/06/14/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36905
https://notcve.org/view.php?id=CVE-2022-36905
27 Jul 2022 — Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and earlier does not perform URL validation for the Repository Base URL of List maven artifact versions parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 y anteriores, no lleva a cabo la comprobación de la URL para la URL de la base del repositorio de los parámetros de la lista de versiones de artefacto... • http://www.openwall.com/lists/oss-security/2022/07/27/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 2%CPEs: 1EXPL: 0CVE-2022-34190
https://notcve.org/view.php?id=CVE-2022-34190
22 Jun 2022 — Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Jenkins Maven Metadata Plugin for Jenkins CI server Plugin versiones 2.1 y anteriores, no escapa del nombre y la descripción de los parámetros List maven artifact versions en las visualizaciones que mu... • https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2784 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2256
https://notcve.org/view.php?id=CVE-2020-2256
16 Sep 2020 — Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. Jenkins Pipeline Maven Integration Plugin versiones 3.9.2 y anteriores, no escapa el nombre para mostrar de trabajo previo mostrado como parte de una causa de compilación, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado ex... • http://www.openwall.com/lists/oss-security/2020/09/16/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2235
https://notcve.org/view.php?id=CVE-2020-2235
12 Aug 2020 — A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Jenkins Pipeline Maven Integration Plugin versiones 3.8.2 y anteriores, permite a atacantes conectarse a una URL de JDBC especificada por el ataca... • http://www.openwall.com/lists/oss-security/2020/08/12/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2233
https://notcve.org/view.php?id=CVE-2020-2233
12 Aug 2020 — A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Una falta de comprobación de permiso en Jenkins Pipeline Maven Integration Plugin versiones 3.8.2 y anteriores, permite a usuarios con acceso general y de lectura enumerar los ID de credenciales de credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2020/08/12/4 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2234
https://notcve.org/view.php?id=CVE-2020-2234
12 Aug 2020 — A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. Una falta de comprobación de permiso en Jenkins Pipeline Maven Integration Plugin versiones 3.8.2 y anteriores, permite a usuarios con acceso general y de lectura conectarse a una URL de JDBC especificada por el ... • http://www.openwall.com/lists/oss-security/2020/08/12/4 • CWE-862: Missing Authorization •