Advisories for Maven/Org.jenkins-Ci.plugins/Cvs package

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

2020

Improper Restriction of XML External Entity Reference

Jenkins CVS Plugin does not configure its XML parser to prevent XML external entity (XXE) attacks.

Cross-Site Request Forgery (CSRF)

A cross-site request forgery vulnerability in Jenkins CVS Plugin allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.