org.jenkins-ci.plugins:swarm

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:swarmpage 1 of 1

CVE-2019-10309CRITICALCVSS 9.3EG 6.1
2019-04-30
vulnerable: 1.10 ... 3.9 (34 versions)
Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same netwo…
CVE-2020-2191MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.21
2020-06-03
vulnerable: 1.10 ... 3.9 (39 versions)
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
CVE-2020-2192MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.21
2020-06-03
vulnerable: 1.10 ... 3.9 (39 versions)
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.

Check whether org.jenkins-ci.plugins:swarm is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:swarm CVEs against the assets you own.

Start Free Scan →