Jenkins Owasp Dependency-Check vulnerabilities
3 known vulnerabilities affecting jenkins/owasp_dependency-check.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-28153 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 5.4.6 | 2024-03-06
Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.
Source: NVD
CVE-2021-43577 | HIGH | CVSS 7.1 | CWE-611 | ≤ 5.1.1 | 2021-11-12
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Source: NVD
CVE-2017-1000109 | MEDIUM | CVSS 6.1 | CWE-79 | v1.0.1, v1.0.1.1, +49 more | 2017-10-05
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Source: NVD