org.jenkins-ci.plugins:global-build-stats
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:global-build-statspage 1 of 1
- CVE-2017-1000389MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.52018-01-26
vulnerable: 1.1, 1.2, 1.3, 1.4
Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients,…
- CVE-2022-27207MEDIUMCVSS 4.8EG 4.82022-03-15
vulnerable: 1.1, 1.2, 1.3, 1.4, 1.5
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the 'Global Build Stats' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Ove…
- CVE-2025-58459MEDIUMCVSS 4.3EG 4.3✓ Fixed in 347.v32a2025-09-03
vulnerable: 1.1 ... 322.v22f4db_18e2dd (15 versions)
Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.
Check whether org.jenkins-ci.plugins:global-build-stats is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:global-build-stats CVEs against the assets you own.
Start Free Scan →