Vulnerabilities > Jenkins > Maven

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-16550 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Maven 0.14.0/0.16.1
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.
network
low complexity
jenkins CWE-352
8.8
2019-12-17 CVE-2019-16549 XXE vulnerability in Jenkins Maven 0.14.0/0.16.1
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
network
high complexity
jenkins CWE-611
8.1
2019-07-31 CVE-2019-10358 Information Exposure Through Log Files vulnerability in Jenkins Maven
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
network
low complexity
jenkins CWE-532
6.5
2018-01-26 CVE-2017-1000397 Improper Input Validation vulnerability in Jenkins Maven
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
network
jenkins CWE-20
4.3