Search for packages
| purl | pkg:maven/org.jenkins-ci.plugins/mesos@0.17.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ceau-ygrr-3be2
Aliases: CVE-2018-1000421 GHSA-5q7j-8hpc-4848 |
Server-Side Request Forgery (SSRF) An improper authorization vulnerability exists in the Jenkins Mesos Plugin in `MesosCloud.java` that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
Affected by 0 other vulnerabilities. |
|
VCID-yvsq-zaa9-kqg6
Aliases: CVE-2018-1000420 GHSA-23xr-9xxr-vg3c |
Incorrect Authorization An improper authorization vulnerability exists in the Jenkins Mesos Plugin in `MesosCloud.java` that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:30:34.549305+00:00 | GHSA Importer | Affected by | VCID-ceau-ygrr-3be2 | https://github.com/advisories/GHSA-5q7j-8hpc-4848 | 38.1.0 |
| 2026-04-04T14:30:02.733224+00:00 | GHSA Importer | Affected by | VCID-yvsq-zaa9-kqg6 | https://github.com/advisories/GHSA-23xr-9xxr-vg3c | 38.1.0 |
| 2026-04-01T12:50:34.845240+00:00 | GitLab Importer | Affected by | VCID-ceau-ygrr-3be2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/mesos/CVE-2018-1000421.yml | 38.0.0 |
| 2026-04-01T12:50:10.264389+00:00 | GitLab Importer | Affected by | VCID-yvsq-zaa9-kqg6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/mesos/CVE-2018-1000420.yml | 38.0.0 |