Vulnerabilities > Jenkins > CRX Content Package Deployer > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2022-34184 Cross-site Scripting vulnerability in Jenkins CRX Content Package Deployer
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
network
low complexity
jenkins CWE-79
5.4
2019-10-16 CVE-2019-10439 Missing Authorization vulnerability in Jenkins CRX Content Package Deployer
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3
2019-10-16 CVE-2019-10438 Missing Authorization vulnerability in Jenkins CRX Content Package Deployer
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
6.5