Skip to main content

Spira Importer

2 CVEs product

Monthly

CVE-2019-16558 Maven HIGH PATCH This Week

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2019-16543 Maven MEDIUM PATCH This Month

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD
CVSS 3.1
5.5
EPSS
0.3%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Spira Importer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy