VulnerableCode Package Details - pkg:rpm/redhat/jenkins-2-plugins@4.1.1561471763-1?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-2r58-w5gn-x3bt Aliases: CVE-2019-10337 GHSA-g6h2-4x64-c59x	Improper Restriction of XML External Entity Reference An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin allows attackers, who are able to control the content of the input file for the "XML" macro, to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.	There are no reported fixed by versions.
VCID-ftky-shfy-bufk Aliases: CVE-2019-10328 GHSA-v558-fhw2-v46w	Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.	There are no reported fixed by versions.
VCID-s5qz-aqj7-6uhz Aliases: CVE-2019-10320 GHSA-xm94-9jw8-p6hw	File and Directory Information Exposure Jenkins Credentials Plugin allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2r58-w5gn-x3bt
Aliases:
CVE-2019-10337
GHSA-g6h2-4x64-c59x

Improper Restriction of XML External Entity Reference An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin allows attackers, who are able to control the content of the input file for the "XML" macro, to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.

There are no reported fixed by versions.

VCID-ftky-shfy-bufk
Aliases:
CVE-2019-10328
GHSA-v558-fhw2-v46w

Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.

There are no reported fixed by versions.

VCID-s5qz-aqj7-6uhz
Aliases:
CVE-2019-10320
GHSA-xm94-9jw8-p6hw

File and Directory Information Exposure Jenkins Credentials Plugin allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:19:12.272968+00:00	RedHat Importer	Affected by	VCID-s5qz-aqj7-6uhz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10320.json	38.0.0
2026-04-01T14:19:07.514742+00:00	RedHat Importer	Affected by	VCID-ftky-shfy-bufk	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10328.json	38.0.0
2026-04-01T14:18:51.399131+00:00	RedHat Importer	Affected by	VCID-2r58-w5gn-x3bt	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10337.json	38.0.0