Jenkins Token Macro 2.2 for Jenkins

CPE Details

Jenkins Token Macro 2.2 for Jenkins
jenkins
token_macro
2.2
2019-02-06
18h53 +00:00
2019-02-06
18h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:jenkins:token_macro:2.2:*:*:*:*:jenkins:*:*

Informations

Vendor

jenkins

Product

token_macro

Version

2.2

Target Software

jenkins

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-10337 2019-06-11 11h15 +00:00 An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.
7.5
High
CVE-2019-1003011 2019-02-06 15h00 +00:00 An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/AbstractChangesSinceMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ChangesSinceLastBuildMacro.java, src/main/java/org/jenkinsci/plugins/tokenmacro/impl/ProjectUrlMacro.java that allows attackers with the ability to control token macro input (such as SCM changelogs) to define recursive input that results in unexpected macro evaluation.
8.1
High