Jenkins Maven
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Maven . Maven did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 7.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Maven vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Maven Security Vulnerabilities
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks
CVE-2019-16549
8.1 - High
- December 17, 2019
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
XXE
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier
CVE-2019-16550
8.8 - High
- December 17, 2019
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
Session Riding
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds
CVE-2019-10358
6.5 - Medium
- July 31, 2019
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Maven or by Jenkins? Click the Watch button to subscribe.
