Vulnerabilities > Jenkins > Websphere Deployer > 1.3.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-29 | CVE-2020-2108 | XXE vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | 7.6 |
2019-12-17 | CVE-2019-16561 | Improper Certificate Validation vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | 7.1 |
2019-12-17 | CVE-2019-16560 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Websphere Deployer A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 8.8 |
2019-12-17 | CVE-2019-16559 | Incorrect Default Permissions vulnerability in Jenkins Websphere Deployer A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. | 5.4 |