Skip to main content

Semantic Versioning

3 CVEs product

Monthly

CVE-2023-24430 Maven CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24429 Maven CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-27201 Maven MEDIUM PATCH This Month

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Jenkins Semantic Versioning
NVD
CVSS 3.1
6.5
EPSS
1.3%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Semantic Versioning
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE SSRF +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Jenkins Semantic Versioning
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy