Product:

Gerrit_trigger

(Jenkins)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 6
Date Id Summary Products Score Patch Annotated
2022-04-12 CVE-2022-29039 Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. Gerrit_trigger 5.4
2023-01-26 CVE-2023-24423 A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. Gerrit_trigger 6.5
2019-12-17 CVE-2019-16551 A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. Gerrit_trigger 8.8
2019-12-17 CVE-2019-16552 A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. Gerrit_trigger 5.4
2018-03-13 CVE-2018-1000106 An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins. Gerrit_trigger 5.4
2018-03-13 CVE-2018-1000105 An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins. Gerrit_trigger 4.3