Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GHSA-262f-77q5-rqv6
  • Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
  • 1.10.0
  • 1.10.2
  • 1.10.3
  • 1.11.0
  • 1.12.0
  • 1.12.1
  • 1.13.0
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-279f-qwgh-h5mp
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins does not exclude sensitive build variables from search
  • 2.100
  • 2.101
  • 2.102
  • 2.103
  • 2.104
  • 2.105
  • 2.106
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-2wwh-qgh8-w9xw
  • Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
  • 1.10.0
  • 1.10.2
  • 1.10.3
  • 1.11.0
  • 1.12.0
  • 1.12.1
  • 1.13.0
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-55q6-r3hm-7ff4
  • Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Jenkins Build Failure Analyzer Plugin missing permission check
  • 1.10.0
  • 1.10.2
  • 1.10.3
  • 1.11.0
  • 1.12.0
  • 1.12.1
  • 1.13.0
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-55wp-3pq4-w8p9
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins temporary plugin file created with insecure permissions
  • 2.100
  • 2.101
  • 2.102
  • 2.103
  • 2.104
  • 2.105
  • 2.106
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-58rq-69jp-xc23
  • Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
  • 1.10.0
  • 1.10.2
  • 1.10.3
  • 1.11.0
  • 1.12.0
  • 1.12.1
  • 1.13.0
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-5j46-5hwq-gwh7
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins Cross-site Scripting vulnerability
  • 2.100
  • 2.101
  • 2.102
  • 2.103
  • 2.104
  • 2.105
  • 2.106
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-hq87-h4jg-vxfw
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins temporary uploaded file created with insecure permissions
  • 2.100
  • 2.101
  • 2.102
  • 2.103
  • 2.104
  • 2.105
  • 2.106
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-qv64-w99c-qcr9
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins temporary uploaded file created with insecure permissions
  • 2.100
  • 2.101
  • 2.102
  • 2.103
  • 2.104
  • 2.105
  • 2.106
  • ...
2023-09-20T18:30:21Z Fix available
GHSA-4f4r-wgv2-jjvg
  • Maven/io.quarkus:quarkus-vertx-http
  • Maven/io.quarkus:quarkus-undertow
  • Maven/io.quarkus:quarkus-csrf-reactive
  • Maven/io.quarkus:quarkus-keycloak-authorization
Quarkus HTTP vulnerable to incorrect evaluation of permissions
  • 0.23.0
  • 0.23.1
  • 0.23.2
  • 0.24.0
  • 0.25.0
  • 0.26.0
  • 0.26.1
  • ...
2023-09-20T12:30:22Z Fix available
GHSA-frqc-f2h8-fjvf
  • Maven/org.springframework.graphql:spring-graphql
Spring for GraphQL may be exposed to GraphQL context with values from a different session
  • 1.1.0
  • 1.1.1
  • 1.1.2
  • 1.1.3
  • 1.1.4
  • 1.1.5
  • 1.2.0
  • ...
2023-09-20T12:30:22Z Fix available
GHSA-v92f-jx6p-73rx
  • Maven/it.geosolutions.jaiext.jiffle:jt-jiffle
  • Maven/it.geosolutions.jaiext.jiffle:jt-jiffle-language
Improper Control of Generation of Code ('Code Injection') in jai-ext
  • See details.
2023-09-19T20:35:16Z Fix available
GHSA-3p86-9955-h393
  • Maven/org.eclipse.jgit:org.eclipse.jgit
Arbitrary File Overwrite in Eclipse JGit
  • 1.2.0.201112221803-r
  • 1.3.0.201202151440-r
  • 2.0.0.201206130900-r
  • 2.1.0.201209190230-r
  • 2.2.0.201212191850-r
  • 2.3.1.201302201838-r
  • 3.0.0.201306101825-r
  • ...
2023-09-18T15:30:18Z Fix available
GHSA-pwh8-58vv-vw48
  • Maven/org.eclipse.jetty:jetty-openid
Jetty's OpenId Revoked authentication allows one request
  • 9.4.21.v20190926
  • 9.4.22.v20191022
  • 9.4.23.v20191118
  • 9.4.24.v20191120
  • 9.4.25.v20191220
  • 9.4.26.v20200117
  • 9.4.27.v20200227
  • ...
2023-09-15T13:36:10Z Fix available
GHSA-hmr7-m48g-48f6
  • Maven/org.eclipse.jetty:jetty-http
Jetty accepts "+" prefixed value in Content-Length
  • 9.0.0.v20130308
  • 9.0.1.v20130408
  • 9.0.2.v20130417
  • 9.0.3.v20130506
  • 9.0.4.v20130625
  • 9.0.5.v20130815
  • 9.0.6.v20130930
  • ...
2023-09-14T16:17:27Z Fix available
GHSA-3gh6-v5v9-6v9j
  • Maven/org.eclipse.jetty:jetty-servlets
  • Maven/org.eclipse.jetty.ee10:jetty-ee10-servlets
  • Maven/org.eclipse.jetty.ee9:jetty-ee9-servlets
  • Maven/org.eclipse.jetty.ee8:jetty-ee8-servlets
Jetty vulnerable to errant command quoting in CGI Servlet
  • 9.0.0.v20130308
  • 9.0.1.v20130408
  • 9.0.2.v20130417
  • 9.0.3.v20130506
  • 9.0.4.v20130625
  • 9.0.5.v20130815
  • 9.0.6.v20130930
  • ...
2023-09-14T16:16:00Z Fix available