Jenkins Semantic Versioning 1.4 for Jenkins

CPE Details

Jenkins Semantic Versioning 1.4 for Jenkins
jenkins
semantic_versioning
1.4
2023-02-01
15h57 +00:00
2023-02-02
13h51 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jenkins:semantic_versioning:1.4:*:*:*:*:jenkins:*:*

Informations

Vendor

jenkins

Product

semantic_versioning

Version

1.4

Target Software

jenkins

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-24429 2023-01-23 23h00 +00:00 Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
9.8
Critical
CVE-2023-24430 2023-01-23 23h00 +00:00 Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
9.8
Critical
CVE-2022-27201 2022-03-15 15h45 +00:00 Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
6.5
Medium