org.jenkins-ci.plugins:fortify

Maven5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:fortifypage 1 of 1

CVE-2020-2107MEDIUMCVSS 4.3EG 4.3✓ Fixed in 19.2.30
2020-01-29
vulnerable: 19.1.28, 19.1.29
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2022-25188MEDIUMCVSS 4.3EG 4.3✓ Fixed in 20.2.35
2022-02-15
vulnerable: 19.1.28 ... 20.2.34 (6 versions)
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file sys…
CVE-2023-4301MEDIUMCVSS 4.2EG 4.2✓ Fixed in 22.2.39
2023-08-21
vulnerable: 19.1.28 ... 22.1.38 (10 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing cr…
CVE-2023-4302MEDIUMCVSS 4.2EG 4.2✓ Fixed in 22.2.39
2023-08-21
vulnerable: 19.1.28 ... 22.1.38 (10 versions)
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, captur…
CVE-2023-4303MEDIUMCVSS 4.3EG 4.3✓ Fixed in 22.2.39
2023-08-21
vulnerable: 19.1.28 ... 22.1.38 (10 versions)
Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

Check whether org.jenkins-ci.plugins:fortify is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:fortify CVEs against the assets you own.

Start Free Scan →