Jenkins Crx Content Package Deployer
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Crx Content Package Deployer . Last year Crx Content Package Deployer had 1 security vulnerability published. Right now, Crx Content Package Deployer is on track to have less security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 1 | 5.40 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 6.53 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Crx Content Package Deployer vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Crx Content Package Deployer Security Vulnerabilities
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters
CVE-2022-34184
5.4 - Medium
- June 23, 2022
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
XSS
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier
CVE-2019-10437
8.8 - High
- October 16, 2019
A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Session Riding
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier
CVE-2019-10438
6.5 - Medium
- October 16, 2019
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
AuthZ
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods
CVE-2019-10439
4.3 - Medium
- October 16, 2019
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Crx Content Package Deployer or by Jenkins? Click the Watch button to subscribe.
