Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-q5f8-fxrx-pw6f
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins subject to Cross-site Scripting
  • 1.396
  • 1.397
  • 1.398
  • 1.399
  • 1.400
  • 1.401
  • 1.403
  • ...
2023-02-04T00:45:18.316258Z Fix available
GHSA-939x-6mwj-96r2
  • Maven/org.jenkins-ci.plugins:azure-ad
Insufficient Session Expiration in Jenkins Azure AD Plugin
  • 0.1.1
  • 0.1.1-1
  • 0.2.0
  • 0.3.0
  • 0.3.1
  • 0.3.2
  • 0.3.3
  • ...
2023-02-04T00:43:09.288953Z No fix available
GHSA-fqp6-fw9g-xpxp
  • Maven/org.jeecgframework.boot:jeecg-boot-base
Insecure Permissions issue in jeecg-boot
  • See details.
2023-02-04T00:30:27Z No fix available
GHSA-rwhw-6c6r-2823
  • Maven/org.jeecgframework.boot:jeecg-boot-base
Insecure Permissions issue in jeecg-boot
  • See details.
2023-02-04T00:30:25Z No fix available
GHSA-4f48-qpch-4ppx
  • Maven/org.jeecgframework.boot:jeecg-boot-base
Insecure Permissions issue in jeecg-boot
  • See details.
2023-02-04T00:30:23Z No fix available
GHSA-66cr-6whx-732p
  • Maven/org.jenkins-ci.main:jenkins-core
Jenkins improperly ensures trust separation
  • 1.396
  • 1.397
  • 1.398
  • 1.399
  • 1.400
  • 1.401
  • 1.403
  • ...
2023-02-03T23:38:06.674258Z Fix available
GHSA-96jv-c7m6-q43g
  • Maven/org.jenkins-ci.plugins:openid
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
  • 1.0
  • 1.1
  • 1.2
  • 1.3
  • 1.4
  • 1.5
  • 1.6
  • ...
2023-02-03T20:51:40.193489Z No fix available
GHSA-5xpc-c4xv-7w62
  • Maven/org.jvnet.hudson.plugins:pwauth
Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
  • 0.4
2023-02-03T20:51:27.205286Z No fix available
GHSA-vxmh-p52j-h33m
  • Maven/org.jenkins-ci.plugins:oic-auth
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
  • 1.0
  • 1.1
  • 1.2
  • 1.3
  • 1.4
  • 1.5
  • 1.6
  • ...
2023-02-03T20:51:18.170304Z Fix available
GHSA-wj79-9fxj-j86p
  • Maven/org.jenkins-ci.plugins:rabbitmq-consumer
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
  • 1.0
  • 1.1
  • 1.2
  • 1.3
  • 1.4
  • 1.5
  • 1.6
  • ...
2023-02-03T20:51:17.891777Z No fix available
GHSA-95jq-24cr-pgrq
  • Maven/com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Cross-site request forgery in Jenkins Gerrit Trigger Plugin
  • 2.0
  • 2.1.0
  • 2.10.0
  • 2.10.1
  • 2.11.0
  • 2.11.0-beta-1
  • 2.11.0-beta-2
  • ...
2023-02-03T20:51:14.420668Z Fix available
GHSA-4x65-4fjx-r7m6
  • Maven/org.jenkins-ci.plugins:github-pr-coverage-status
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
  • 1.0.8
  • 1.0.9
  • 1.1.0
  • 1.1.1
  • 1.10.0
  • 1.2.0
  • 1.3.0
  • ...
2023-02-03T20:51:01.323797Z No fix available
GHSA-v646-rx6w-r3qq
  • Maven/org.apache.tomcat:tomcat-catalina
  • Maven/org.apache.tomcat:tomcat-catalina
Improper Access Control in Apache Tomcat
  • 7.0.0
  • 7.0.11
  • 7.0.12
  • 7.0.14
  • 7.0.16
  • 7.0.19
  • 7.0.2
  • ...
2023-02-03T20:50:52.368264Z Fix available
GHSA-gmhf-37fx-c4q8
  • Maven/io.jenkins.plugins:macstadium-orka
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
  • 1.0
  • 1.1
  • 1.10
  • 1.12
  • 1.13
  • 1.14
  • 1.15
  • ...
2023-02-03T20:50:51.238250Z Fix available
GHSA-2jpx-h8j2-g8m4
  • Maven/com.cloudbees.jenkins.plugins:kubernetes-credentials-provider
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
  • 0.10
  • 0.11
  • 0.12
  • 0.12.1
  • 0.13
  • 0.14
  • 0.15
  • ...
2023-02-03T20:50:50.381697Z Fix available
GHSA-87rh-wc85-xqvc
  • Maven/io.jenkins.plugins:macstadium-orka
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
  • 1.0
  • 1.1
  • 1.10
  • 1.12
  • 1.13
  • 1.14
  • 1.15
  • ...
2023-02-03T20:50:49.893638Z Fix available