Skip to main content

Release

2 CVEs product

Monthly

CVE-2020-2292 Maven MEDIUM PATCH This Month

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Release
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-1000013 Maven HIGH PATCH This Week

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Release
NVD
CVSS 3.0
8.8
EPSS
1.0%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Release
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Release
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy