Vulnerabilities > Jenkins > Maven > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-16550 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Maven 0.14.0/0.16.1
A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents.
Risk: 8.8 (network, low complexity); jenkins; CWE-352
2019-12-17 CVE-2019-16549 XXE vulnerability in Jenkins Maven 0.14.0/0.16.1
Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents.
Risk: 8.1 (network, high complexity); jenkins; CWE-611