Package details: pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1?arch=el8
purl pkg:rpm/redhat/jenkins-2-plugins@4.6.1601368321-1?arch=el8
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1uad-jqyh-zqgq
Aliases:
CVE-2020-2252
GHSA-6fr3-286q-q3cr
Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Jenkins Mailer Plugin prior to 1.32.1, 1.31.1, and 1.29.1 does not perform hostname validation when connecting to the configured SMTP server. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections. Mailer Plugin 1.32.1, 1.31.1, and 1.29.1 validates the SMTP hostname when connecting via TLS by default. In Mailer Plugin 1.32 and earlier, administrators can set the Java system property `mail.smtp.ssl.checkserveridentity` to `true` on startup to enable this protection. In case of problems, this protection can be disabled again by setting the Java system property `mail.smtp.ssl.checkserveridentity` to `false` on startup.
There are no reported fixed by versions.
VCID-jj88-rbff-4ygb
Aliases:
CVE-2020-2255
GHSA-vc7g-4269-f7hw
Missing permission check in Blue Ocean Plugin
### Updated 2020-09-16
This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.
### Original Description
Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Blue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.
There are no reported fixed by versions.
VCID-sa11-2uur-8ybd
Aliases:
CVE-2020-2254
GHSA-vq7j-6pcq-f48p
Path traversal vulnerability in Blue Ocean Plugin
Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, `blueocean.features.GIT_READ_SAVE_TYPE`, that when set to the value `clone` allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins controller file system. Blue Ocean Plugin 1.23.3 no longer includes this feature and redirects existing usage to a safer alternative.
There are no reported fixed by versions.
VCID-sprz-dww1-vufr
Aliases:
CVE-2019-16541
GHSA-98m4-m2c3-qxgq
Jenkins JIRA Plugin allows users to select and use credentials with System scope
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. Jira Plugin 3.0.11 defines the appropriate folder context for credential lookup. As a side effect, existing per-folder Jira sites may lose access to already configured System-scoped credentials, as if no credential was specified in the first place.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:15:02.623495+00:00 | RedHat Importer | Affected by | VCID-sprz-dww1-vufr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16541.json | 38.0.0 |
| 2026-04-01T14:04:29.845945+00:00 | RedHat Importer | Affected by | VCID-jj88-rbff-4ygb | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2255.json | 38.0.0 |
| 2026-04-01T14:04:29.800385+00:00 | RedHat Importer | Affected by | VCID-sa11-2uur-8ybd | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2254.json | 38.0.0 |
| 2026-04-01T14:04:29.754502+00:00 | RedHat Importer | Affected by | VCID-1uad-jqyh-zqgq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2252.json | 38.0.0 |