Jenkins Websphere Deployer — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Websphere Deployer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-1003056 — CVSS 8.8 (high): Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2019-16560 — CVSS 8.8 (high): A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection…
CVE-2020-2108 — CVSS 7.6 (high): Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a…
CVE-2019-16561 — CVSS 7.1 (high): Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname…
CVE-2019-16559 — CVSS 5.4 (medium): A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform…