Jenkins Websphere Deployer
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Websphere Deployer. Websphere Deployer did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 7.60 |
2019 | 4 | 7.53 |
2018 | 0 | 0.00 |
It may take a day or so for new Websphere Deployer vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Websphere Deployer Security Vulnerabilities
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks
CVE-2020-2108
7.6 - High
- January 29, 2020
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.
XXE
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier
CVE-2019-16559
5.4 - Medium
- December 17, 2019
A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
Incorrect Default Permissions
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier
CVE-2019-16560
8.8 - High
- December 17, 2019
A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.
Session Riding
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier
CVE-2019-16561
7.1 - High
- December 17, 2019
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM.
Improper Certificate Validation
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they
CVE-2019-1003056
8.8 - High
- April 04, 2019
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Missing Encryption of Sensitive Data
