Jenkins Repository Connector

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Repository Connector. Repository Connector did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 3 4.67
2021 1 5.40
2020 1 5.30
2019 1 7.80
2018 0 0.00

It may take a day or so for new Repository Connector vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Repository Connector Security Vulnerabilities

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation

CVE-2022-36904 4.3 - Medium - July 27, 2022

Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

AuthZ

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier

CVE-2022-36903 4.3 - Medium - July 27, 2022

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

AuthZ

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters

CVE-2022-34195 5.4 - Medium - June 23, 2022

Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds

CVE-2021-21618 5.4 - Medium - February 24, 2021

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form

CVE-2020-2149 5.3 - Medium - March 09, 2020

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Cleartext Transmission of Sensitive Information

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java

CVE-2019-1003038 7.8 - High - March 08, 2019

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.

Insufficiently Protected Credentials
