Skip to main content

Checkmarx

2 CVEs product

Monthly

CVE-2023-35142 Maven HIGH PATCH This Week

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Checkmarx
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-46684 Maven MEDIUM PATCH This Month

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Checkmarx
NVD
CVSS 3.1
5.4
EPSS
0.5%
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Checkmarx
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Checkmarx
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy