Search for packages
| purl | pkg:maven/org.jenkins-ci.main/jenkins-core@2.164.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6wmw-rn4w-vqf5
Aliases: CVE-2019-1003050 GHSA-qpg9-83fv-x9ch |
Cross-site Scripting The `f:validateButton` form control for the Jenkins UI did not properly escape job URLs resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-zftt-hmv8-judu
Aliases: CVE-2019-1003049 GHSA-742j-jcfr-23w3 |
Improper Authentication Users who cached their CLI authentication would remain authenticated because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:00:47.744900+00:00 | GHSA Importer | Affected by | VCID-6wmw-rn4w-vqf5 | https://github.com/advisories/GHSA-qpg9-83fv-x9ch | 38.0.0 |
| 2026-04-01T16:00:47.556493+00:00 | GHSA Importer | Affected by | VCID-zftt-hmv8-judu | https://github.com/advisories/GHSA-742j-jcfr-23w3 | 38.0.0 |
| 2026-04-01T12:48:24.374850+00:00 | GitLab Importer | Affected by | VCID-zftt-hmv8-judu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2019-1003049.yml | 38.0.0 |
| 2026-04-01T12:48:24.328985+00:00 | GitLab Importer | Affected by | VCID-6wmw-rn4w-vqf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.main/jenkins-core/CVE-2019-1003050.yml | 38.0.0 |