com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Maven
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
- CVE-2018-1000105 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2.27.5 | 2018-03-13
vulnerable: 2.0 ... 2.9.0 (73 versions)
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configura…
- CVE-2018-1000106 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.27.5 | 2018-03-13
vulnerable: 2.0 ... 2.9.0 (73 versions)
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit confi…
- CVE-2019-16551 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.30.2 | 2019-12-17
vulnerable: 2.0 ... 2.9.0 (80 versions)
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials.
- CVE-2019-16552 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.30.2 | 2019-12-17
vulnerable: 2.0 ... 2.9.0 (80 versions)
A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the …
- CVE-2022-29039 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 2.35.3 | 2022-04-12
vulnerable: 2.0 ... 2.9.0 (93 versions)
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by att…
- CVE-2023-24423 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.38.1 | 2023-01-26
vulnerable: 2.0 ... 2.9.0 (99 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.