Jenkins Project Jenkins Cvs Plugin vulnerabilities

3 known vulnerabilities affecting jenkins_project/jenkins_cvs_plugin.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2022-29037MEDIUMCVSS 5.4≥ unspecified, ≤ 2.192022-04-12

CVE-2022-29037 [MEDIUM] CWE-79 CVE-2022-29037: Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name pa Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2020-2324HIGHCVSS 7.5≥ unspecified, ≤ 2.162020-12-03

CVE-2020-2324 [HIGH] CWE-611 CVE-2020-2324: Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2184MEDIUMCVSS 4.3≥ unspecified, ≤ 2.152020-05-06

CVE-2020-2184 [MEDIUM] CWE-352 CVE-2020-2184: A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers t A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.