ru.yandex.jenkins.plugins.debuilder:debian-package-builder

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ru.yandex.jenkins.plugins.debuilder:debian-package-builderpage 1 of 1

CVE-2020-2125MEDIUMCVSS 4.3EG 3.3
2020-02-12
vulnerable: 1.2 ... 1.6.9 (24 versions)
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVE-2022-23118HIGHCVSS 8.8EG 7.5
2022-01-12
vulnerable: 1.2 ... 1.6.9 (24 versions)
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke…

Check whether ru.yandex.jenkins.plugins.debuilder:debian-package-builder is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ru.yandex.jenkins.plugins.debuilder:debian-package-builder CVEs against the assets you own.

Start Free Scan →