org.jenkins-ci.plugins:job-import-plugin (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.jenkins-ci.plugins:job-import-plugin, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2019-1003015 — CVSS 9.1 (critical): An XML external entity processing vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/…
CVE-2019-1003016 — CVSS 8.8 (high): An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugi…
CVE-2019-1003017 — CVSS 5.3 (medium): A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy…
CVE-2022-43413 — CVSS 4.3 (medium): Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read…