CVE-2019-16550 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release

Description

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/12/17/1

https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1681

Related Vulnerabilities

CVE-2023-27564 Vulnerability in npm package n8n

CVE-2019-13343 Vulnerability in maven package com.butor:portal

CVE-2023-24997 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2023-39153 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

CVE-2019-16763 Vulnerability in maven package org.webjars.npm:pannellum

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H