Vulnerabilities > Jenkins > M2Release

DATE CVE VULNERABILITY TITLE RISK
2019-07-31 CVE-2019-10361 Insufficiently Protected Credentials vulnerability in Jenkins M2Release
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
local
low complexity
jenkins CWE-522
5.5
2019-07-31 CVE-2019-10359 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins M2Release
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
network
low complexity
jenkins CWE-352
6.3