io.jenkins:configuration-as-code (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package io.jenkins:configuration-as-code, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2018-1000610 — CVSS 8.8 (high): A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in…
CVE-2018-1000609 — CVSS 6.5 (medium): A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in…
CVE-2019-10345 — CVSS 5.5 (medium): Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted…
CVE-2019-10367 — CVSS 5.5 (medium): Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some…
CVE-2019-10362 — CVSS 5.4 (medium): Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import…
CVE-2022-23106 — CVSS 5.3 (medium): Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token…
CVE-2019-10363 — CVSS 4.9 (medium): Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted…
CVE-2019-10344 — CVSS 4.3 (medium): Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with…
CVE-2019-10343 — CVSS 3.3 (low): Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the…