Jenkins Semantic Versioning for Jenkins

CPE Details

Jenkins Semantic Versioning for Jenkins
jenkins
semantic_versioning
-
2022-03-21
16h59 +00:00
2022-04-19
15h28 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:jenkins:semantic_versioning:-:*:*:*:*:jenkins:*:*

Informations

Vendor

jenkins

Product

semantic_versioning

Version

-

Target Software

jenkins

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-24429 2023-01-23 23h00 +00:00 Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
9.8
Critique
CVE-2023-24430 2023-01-23 23h00 +00:00 Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
9.8
Critique
CVE-2022-27201 2022-03-15 15h45 +00:00 Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
6.5
Moyen