OSV - Open Source Vulnerabilities

GHSA-262f-77q5-rqv6

Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability

1.10.0
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.13.0
...

2023-09-20T18:30:21Z

Fix available

GHSA-279f-qwgh-h5mp

Maven/org.jenkins-ci.main:jenkins-core
Maven/org.jenkins-ci.main:jenkins-core

Jenkins does not exclude sensitive build variables from search

2.100
2.101
2.102
2.103
2.104
2.105
2.106
...

2023-09-20T18:30:21Z

Fix available

GHSA-2wwh-qgh8-w9xw

Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

1.10.0
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.13.0
...

2023-09-20T18:30:21Z

Fix available

GHSA-55q6-r3hm-7ff4

Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Jenkins Build Failure Analyzer Plugin missing permission check

1.10.0
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.13.0
...

2023-09-20T18:30:21Z

Fix available

GHSA-55wp-3pq4-w8p9

Maven/org.jenkins-ci.main:jenkins-core
Maven/org.jenkins-ci.main:jenkins-core

Jenkins temporary plugin file created with insecure permissions

2.100
2.101
2.102
2.103
2.104
2.105
2.106
...

2023-09-20T18:30:21Z

Fix available

GHSA-58rq-69jp-xc23

Maven/com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

1.10.0
1.10.2
1.10.3
1.11.0
1.12.0
1.12.1
1.13.0
...

2023-09-20T18:30:21Z

Fix available

GHSA-5j46-5hwq-gwh7

Maven/org.jenkins-ci.main:jenkins-core
Maven/org.jenkins-ci.main:jenkins-core

Jenkins Cross-site Scripting vulnerability

2.100
2.101
2.102
2.103
2.104
2.105
2.106
...

2023-09-20T18:30:21Z

Fix available

GHSA-hq87-h4jg-vxfw

Maven/org.jenkins-ci.main:jenkins-core
Maven/org.jenkins-ci.main:jenkins-core

Jenkins temporary uploaded file created with insecure permissions

2.100
2.101
2.102
2.103
2.104
2.105
2.106
...

2023-09-20T18:30:21Z

Fix available

GHSA-qv64-w99c-qcr9

Maven/org.jenkins-ci.main:jenkins-core
Maven/org.jenkins-ci.main:jenkins-core

Jenkins temporary uploaded file created with insecure permissions

2.100
2.101
2.102
2.103
2.104
2.105
2.106
...

2023-09-20T18:30:21Z

Fix available

GHSA-4f4r-wgv2-jjvg

Maven/io.quarkus:quarkus-vertx-http
Maven/io.quarkus:quarkus-vertx-http
Maven/io.quarkus:quarkus-vertx-http
Maven/io.quarkus:quarkus-undertow
Maven/io.quarkus:quarkus-undertow
Maven/io.quarkus:quarkus-undertow
Maven/io.quarkus:quarkus-csrf-reactive
Maven/io.quarkus:quarkus-csrf-reactive
Maven/io.quarkus:quarkus-csrf-reactive
Maven/io.quarkus:quarkus-keycloak-authorization
Maven/io.quarkus:quarkus-keycloak-authorization
Maven/io.quarkus:quarkus-keycloak-authorization

Quarkus HTTP vulnerable to incorrect evaluation of permissions

0.23.0
0.23.1
0.23.2
0.24.0
0.25.0
0.26.0
0.26.1
...

2023-09-20T12:30:22Z

Fix available

GHSA-frqc-f2h8-fjvf

Maven/org.springframework.graphql:spring-graphql
Maven/org.springframework.graphql:spring-graphql

Spring for GraphQL may be exposed to GraphQL context with values from a different session

1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
...

2023-09-20T12:30:22Z

Fix available

GHSA-v92f-jx6p-73rx

Maven/it.geosolutions.jaiext.jiffle:jt-jiffle
Maven/it.geosolutions.jaiext.jiffle:jt-jiffle-language

Improper Control of Generation of Code ('Code Injection') in jai-ext

See details.

2023-09-19T20:35:16Z

Fix available

GHSA-3p86-9955-h393

Maven/org.eclipse.jgit:org.eclipse.jgit

Arbitrary File Overwrite in Eclipse JGit

1.2.0.201112221803-r
1.3.0.201202151440-r
2.0.0.201206130900-r
2.1.0.201209190230-r
2.2.0.201212191850-r
2.3.1.201302201838-r
3.0.0.201306101825-r
...

2023-09-18T15:30:18Z

Fix available

GHSA-pwh8-58vv-vw48

Maven/org.eclipse.jetty:jetty-openid
Maven/org.eclipse.jetty:jetty-openid
Maven/org.eclipse.jetty:jetty-openid

Jetty's OpenId Revoked authentication allows one request

9.4.21.v20190926
9.4.22.v20191022
9.4.23.v20191118
9.4.24.v20191120
9.4.25.v20191220
9.4.26.v20200117
9.4.27.v20200227
...

2023-09-15T13:36:10Z

Fix available

GHSA-hmr7-m48g-48f6

Maven/org.eclipse.jetty:jetty-http
Maven/org.eclipse.jetty:jetty-http
Maven/org.eclipse.jetty:jetty-http
Maven/org.eclipse.jetty:jetty-http

Jetty accepts "+" prefixed value in Content-Length

9.0.0.v20130308
9.0.1.v20130408
9.0.2.v20130417
9.0.3.v20130506
9.0.4.v20130625
9.0.5.v20130815
9.0.6.v20130930
...

2023-09-14T16:17:27Z

Fix available

GHSA-3gh6-v5v9-6v9j

Maven/org.eclipse.jetty:jetty-servlets
Maven/org.eclipse.jetty:jetty-servlets
Maven/org.eclipse.jetty:jetty-servlets
Maven/org.eclipse.jetty.ee10:jetty-ee10-servlets
Maven/org.eclipse.jetty.ee9:jetty-ee9-servlets
Maven/org.eclipse.jetty.ee8:jetty-ee8-servlets

Jetty vulnerable to errant command quoting in CGI Servlet

9.0.0.v20130308
9.0.1.v20130408
9.0.2.v20130417
9.0.3.v20130506
9.0.4.v20130625
9.0.5.v20130815
9.0.6.v20130930
...

2023-09-14T16:16:00Z

Fix available

Vulnerability Library