io.jenkins.blueocean:blueocean
Maven
8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.jenkins.blueocean:blueocean
- CVE-2017-1000105 | MEDIUM | CVSS 5.3 | EG 4.3 | 2017-10-05
vulnerable: 1.0-alpha-1 ... 1.2.4 (66 versions)
The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts; Item/Read permission was sufficient.
- CVE-2017-1000106 | HIGH | CVSS 8.5 | EG 8.5 | ✓ Fixed in 1.2.0 | 2017-10-05
vulnerable: 1.0-alpha-1 ... 1.2.0-beta-7 (61 versions)
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API sup…
- CVE-2017-1000110 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.2.0 | 2017-10-05
vulnerable: 1.0-alpha-1 ... 1.2.0-beta-7 (61 versions)
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check th…
- CVE-2019-1003012 | MEDIUM | CVSS 6.5 | ✓ Fixed in 1.10.2 | 2019-02-06
vulnerable: 1.0-alpha-1 ... 1.9.1 (108 versions)
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlc…
- CVE-2019-1003013 | MEDIUM | CVSS 5.4 | ✓ Fixed in 1.10.2 | 2019-02-06
vulnerable: 1.0-alpha-1 ... 1.9.1 (108 versions)
A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons…
- CVE-2020-2254 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 1.23.3 | 2020-09-16
vulnerable: 1.0-alpha-1 ... 1.9.1 (129 versions)
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
- CVE-2020-2255 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 1.23.3 | 2020-09-16
vulnerable: 1.0-alpha-1 ... 1.9.1 (129 versions)
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
- CVE-2023-40341 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 1.27.5.1 | 2023-08-16
vulnerable: 1.0-alpha-1 ... 1.9.1 (160 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.