org.jenkins-ci.plugins:matrix-project
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jenkins-ci.plugins:matrix-projectpage 1 of 1
- CVE-2019-1003031CRITICALCVSS 9.9✓ Fixed in 1.142019-03-08
vulnerable: 1.0 ... 1.9 (18 versions)
A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins …
- CVE-2020-2224MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.172020-07-15
vulnerable: 1.0 ... 1.9 (22 versions)
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
- CVE-2020-2225MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.172020-07-15
vulnerable: 1.0 ... 1.9 (22 versions)
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
- CVE-2022-20615MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.18.12022-01-12
vulnerable: 1.0 ... 1.9 (24 versions)
Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configur…
- CVE-2024-23900MEDIUMCVSS 4.3EG 4.3✓ Fixed in 822.824.v14451b2024-01-24
vulnerable: 1.0 ... 822.v01b_8c85d16d2 (37 versions)
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenk…
Check whether org.jenkins-ci.plugins:matrix-project is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jenkins-ci.plugins:matrix-project CVEs against the assets you own.
Start Free Scan →