org.jenkins-ci.plugins:requests

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:requestspage 1 of 1

CVE-2021-21674MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.2.7
2021-06-30
vulnerable: 2.0.2 ... requests-2.2 (13 versions)
A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
CVE-2021-21675MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.2.13
2021-06-30
vulnerable: 2.0.2 ... requests-2.2 (19 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.
CVE-2021-21676MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.2.8
2021-06-30
vulnerable: 2.0.2 ... requests-2.2 (14 versions)
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
CVE-2022-34782MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.2.17
2022-06-30
vulnerable: 2.0.2 ... requests-2.2 (23 versions)
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.

Check whether org.jenkins-ci.plugins:requests is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:requests CVEs against the assets you own.

Start Free Scan →