RSS   Vulnerabilities for 'Maven cascade release'   RSS

2020-10-08
 
CVE-2020-2295

CWE-352
 

 
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.

 
 
CVE-2020-2294

CWE-862
 

 
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.

 


Copyright 2024, cxsecurity.com

 

Back to Top