org.jvnet.hudson.plugins:favorite
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jvnet.hudson.plugins:favoritepage 1 of 1
- CVE-2017-1000243MEDIUMCVSS 4.3EG 4.3✓ Fixed in 2.3.02017-11-01
vulnerable: 1.0 ... 2.2.0 (24 versions)
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites
- CVE-2017-1000244HIGHCVSS 8.8EG 8.8✓ Fixed in 2.3.22017-11-01
vulnerable: 1.0 ... 2.3.1 (26 versions)
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
- CVE-2022-27196MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.4.12022-03-15
vulnerable: 1.0 ... 2.4.0 (30 versions)
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
Check whether org.jvnet.hudson.plugins:favorite is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.jvnet.hudson.plugins:favorite CVEs against the assets you own.
Start Free Scan →