Skip to main content

Deployer Framework

4 CVEs product

Monthly

CVE-2022-36891 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployer Framework
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-36890 Maven MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-36889 Maven HIGH PATCH This Week

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-2227 Maven MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Deployer Framework
NVD
CVSS 3.1
5.4
EPSS
0.7%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Deployer Framework
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Jenkins Deployer Framework
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Deployer Framework
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy