org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins:fortify-on-demand-uploader, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2019-10449 — CVSS 8.8 (high): Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2019-1003046 — CVSS 6.5 (medium): A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a…
CVE-2019-1003047 — CVSS 6.5 (medium): A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to…
CVE-2020-2204 — CVSS 5.4 (medium): A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect…
CVE-2020-2202 — CVSS 4.3 (medium): A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read…
CVE-2020-2203 — CVSS 4.3 (medium): A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the…