Vulnerabilities affecting this package (0)

| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| (none) | This package is not known to be affected by vulnerabilities. | |

Vulnerabilities fixed by this package (2)

VCID-jj88-rbff-4ygb: Missing permission check in Blue Ocean Plugin
Aliases: CVE-2020-2255, GHSA-vc7g-4269-f7hw

### Updated 2020-09-16
This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate; the defect is that users who should not be authorized to trigger it were able to do so.

### Original Description
Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests.
This allows attackers with Overall/Read permission to make the Jenkins controller connect to an attacker-specified URL (server-side request forgery).
Blue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.

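The defect class in the entry above is an HTTP endpoint that does real work (here, opening a connection to a caller-supplied URL) without asking for anything beyond the Overall/Read that Jenkins already enforces before routing web requests. The following is an added illustrative Jenkins plugin endpoint, not Blue Ocean's own code: the class `ConnectionTestEndpoint`, the methods `doTestConnection` / `doTestConnectionChecked`, and the helper `probe` are hypothetical names chosen for the example. It shows the vulnerable shape beside the fix pattern the advisory describes (requiring Item/Create before running the connection test).

```java
// Illustrative example, NOT Blue Ocean's code. Shows the missing-permission-check
// pattern behind CVE-2020-2255 and the fix pattern (require Item/Create).
import hudson.model.Item;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.HttpURLConnection;
import java.net.URL;

public class ConnectionTestEndpoint {

    // Hypothetical helper: connects to the given URL from the Jenkins controller and
    // returns the HTTP status. This is the "legitimate" request the advisory update
    // refers to: the request itself is fine, the question is who may trigger it.
    private static int probe(String url) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }

    // VULNERABLE: Stapler exposes this as .../testConnection?url=... Jenkins only
    // requires Overall/Read to reach it, so any user who can log in can make the
    // controller connect to an arbitrary host (server-side request forgery).
    @RequirePOST
    public HttpResponse doTestConnection(@QueryParameter String url) throws Exception {
        int status = probe(url);
        return HttpResponses.plainText("HTTP " + status);
    }

    // FIXED: explicitly require Item/Create before doing any work, as Blue Ocean
    // 1.23.3 does for its connection tests. checkPermission throws
    // AccessDeniedException (rendered as HTTP 403) for callers lacking it.
    @RequirePOST
    public HttpResponse doTestConnectionChecked(@QueryParameter String url) throws Exception {
        Jenkins.get().checkPermission(Item.CREATE);
        int status = probe(url);
        return HttpResponses.plainText("HTTP " + status);
    }
}
```

Two points to check when auditing plugin endpoints for this class of bug: the permission check must run before the side effect (not after, and not only in the UI that normally calls the endpoint), and `@RequirePOST` alone is not an authorization control; it only limits how the request can be made, not who can make it.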
VCID-sa11-2uur-8ybd: Path traversal vulnerability in Blue Ocean Plugin
Aliases: CVE-2020-2254, GHSA-vq7j-6pcq-f48p

Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, `blueocean.features.GIT_READ_SAVE_TYPE`, that when set to the value `clone` allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins controller file system.
Blue Ocean Plugin 1.23.3 no longer includes this feature and redirects existing usage to a safer alternative.
Controllers on which the flag was never set to `clone` are not exposed to this issue; upgrading is still the fix, since 1.23.3 removes the feature rather than honoring the flag.