org.jenkins-ci.plugins:deployer-framework

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:deployer-frameworkpage 1 of 1

CVE-2020-2227MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.3
2020-07-15
vulnerable: 1.0, 1.1, 1.2
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
CVE-2022-36889HIGHCVSS 8.8EG 8.8✓ Fixed in 86.v7b_a_4a_55b_f3ec
2022-07-27
vulnerable: 1.0 ... 85.v1d1888e8c021 (9 versions)
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the J…
CVE-2022-36890MEDIUMCVSS 4.3EG 4.3✓ Fixed in 86.v7b_a_4a_55b_f3ec
2022-07-27
vulnerable: 1.0 ... 85.v1d1888e8c021 (9 versions)
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified fi…
CVE-2022-36891MEDIUMCVSS 4.3EG 4.3✓ Fixed in 86.v7b_a_4a_55b_f3ec
2022-07-27
vulnerable: 1.0 ... 85.v1d1888e8c021 (9 versions)
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.

Check whether org.jenkins-ci.plugins:deployer-framework is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:deployer-framework CVEs against the assets you own.

Start Free Scan →