Homepage
About Snyk

org.jvnet.hudson.plugins:warnings@1.24 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.jvnet.hudson.plugins:warnings package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-site Request Forgery (CSRF)

org.jvnet.hudson.plugins:warnings is a Jenkins warnings plugin.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker could execute arbitrary code via a form validation HTTP endpoint.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade org.jvnet.hudson.plugins:warnings to version 5.0.1 or higher.

[,5.0.1)
  • H
XML External Entity (XXE) Injection

org.jvnet.hudson.plugins:warnings collects the compiler warnings of the project modules and visualizes the results.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection in files it parses as part of the build process. It allows attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.

How to fix XML External Entity (XXE) Injection?

Upgrade org.jvnet.hudson.plugins:warnings to version 4.65 or higher.

[,4.65)
Go back to all versions of this package