org.jvnet.hudson.plugins:ftppublisher@0.9 vulnerabilities

  • latest version

    1.0

  • first published

    16 years ago

  • latest version published

    14 years ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.jvnet.hudson.plugins:ftppublisher package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-Site Request Forgery (CSRF)

    org.jvnet.hudson.plugins:ftppublisher is a Jenkins plugin used to upload project artifacts and whole directories to an FTP server.

    Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). The form validation method used by the plugin does not require POST requests and is predictable, resulting in a CSRF vulnerability. This vulnerability could be leveraged with CVE-2019-1003059 to trick a user into initiating a connection test to an attacker-specified FTP server with attacker-specified credentials.

    How to fix Cross-Site Request Forgery (CSRF)?

    There is no fixed version for org.jvnet.hudson.plugins:ftppublisher.

    [0,)
    • L
    Insufficiently Protected Credentials

    org.jvnet.hudson.plugins:ftppublisher is a Jenkins plugin used to upload project artifacts and whole directories to an FTP server.

    Affected versions of this package are vulnerable to Insufficiently Protected Credentials. Credentials are stored unencrypted in the plugin's global configuration file com.zanox.hudson.plugins.FTPPublisher.xml on the Jenkins master system. These credentials can be viewed by users with access to the master file system.

    How to fix Insufficiently Protected Credentials?

    There is no fixed version for org.jvnet.hudson.plugins:ftppublisher.

    [0,)
    • M
    Access Control Bypass

    org.jvnet.hudson.plugins:ftppublisher is a Jenkins plugin used to upload project artifacts and whole directories to an FTP server.

    Affected versions of this package are vulnerable to Access Control Bypass. A missing permission check in a form validation method allows users with Overall/Read permission to initiate a connection test to an attacker-specified FTP server with attacker-specified credentials. Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability (CVE-2019-1003058).

    How to fix Access Control Bypass?

    There is no fixed version for org.jvnet.hudson.plugins:ftppublisher.

    [0,)