Skip to main content

M2Release

2 CVEs product

Monthly

CVE-2019-10361 Maven MEDIUM PATCH This Month

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure M2Release
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-10359 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF M2Release
NVD
CVSS 3.1
6.3
EPSS
0.6%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure M2Release
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF M2Release
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy