org.jvnet.hudson.plugins:favorite 1.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.jvnet.hudson.plugins:favorite package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.jvnet.hudson.plugins:favorite is a Jenkins favorite plugin. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of job names in the `favorite` column, exploitable by attackers with `Item/Configure` or `Item/Create` permissions. How to fix Cross-site Scripting (XSS)? Upgrade `org.jvnet.hudson.plugins:favorite` to version 2.4.1 or higher.	[,2.4.1)
M Insecure Permissions org.jvnet.hudson.plugins:favorite is a Jenkins plugin, allows you to mark a job a favorite. Affected versions of this package are vulnerable to Insecure Permissions. It does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites. How to fix Insecure Permissions? Upgrade `org.jvnet.hudson.plugins:favorite` to version 2.3.0 or higher.	[,2.3.0)
H Cross-Site Request Forgery (CSRF) org.jvnet.hudson.plugins: favorite is a Jenkins plugin, allows you to mark a job a favorite. Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to change the victim’s favorites. How to fix Cross-Site Request Forgery (CSRF)? Upgrade `org.jvnet.hudson.plugins:favorite` to version 2.3.0 or higher.	[,2.3.0)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.jvnet.hudson.plugins:favorite is a Jenkins favorite plugin.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of job names in the favorite column, exploitable by attackers with Item/Configure or Item/Create permissions.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jvnet.hudson.plugins:favorite to version 2.4.1 or higher.

[,2.4.1)

Insecure Permissions

org.jvnet.hudson.plugins:favorite is a Jenkins plugin, allows you to mark a job a favorite.

Affected versions of this package are vulnerable to Insecure Permissions. It does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites.

How to fix Insecure Permissions?

Upgrade org.jvnet.hudson.plugins:favorite to version 2.3.0 or higher.

[,2.3.0)

Cross-Site Request Forgery (CSRF)

org.jvnet.hudson.plugins: favorite is a Jenkins plugin, allows you to mark a job a favorite.

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to change the victim’s favorites.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade org.jvnet.hudson.plugins:favorite to version 2.3.0 or higher.

[,2.3.0)

org.jvnet.hudson.plugins:favorite@1.2 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?