Jenkins Websphere Deployer


By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Websphere Deployer. Websphere Deployer did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    0                  0.00
2020    1                  7.60
2019    4                  7.53
2018    0                  0.00

It may take a day or so for new Websphere Deployer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Websphere Deployer Security Vulnerabilities

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks

CVE-2020-2108 7.6 - High - January 29, 2020

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.

XXE

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier

CVE-2019-16559 5.4 - Medium - December 17, 2019

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

Incorrect Default Permissions

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier

CVE-2019-16560 8.8 - High - December 17, 2019

A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

Session Riding

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier

CVE-2019-16561 7.1 - High - December 17, 2019

Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.

Improper Certificate Validation

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they

CVE-2019-1003056 8.8 - High - April 04, 2019

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Missing Encryption of Sensitive Data
