org.jenkins-ci.plugins:libvirt-slave

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.jenkins-ci.plugins:libvirt-slavepage 1 of 1

CVE-2019-10471HIGHCVSS 8.8EG 8.8✓ Fixed in 1.8.6
2019-10-23
vulnerable: 1.8, 1.8.1, 1.8.3, 1.8.4, 1.8.5
A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials sto…
CVE-2019-10472MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.8.6
2019-10-23
vulnerable: 1.8, 1.8.1, 1.8.3, 1.8.4, 1.8.5
A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing cr…
CVE-2019-10473MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.8.6
2019-10-23
vulnerable: 1.8, 1.8.1, 1.8.3, 1.8.4, 1.8.5
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2021-21627HIGHCVSS 8.8EG 8.8✓ Fixed in 1.9.1
2021-03-18
vulnerable: 1.8 ... 1.9.0 (7 versions)
A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier allows attackers to stop hypervisor domains.

Check whether org.jenkins-ci.plugins:libvirt-slave is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:libvirt-slave CVEs against the assets you own.

Start Free Scan →