org.jkva.maven-plugins:cascading-release-maven-plugin@1.0 vulnerabilities
- latest version: 1.0
- first published: 9 years ago
- latest version published: 9 years ago
- licenses detected
  - [1.0,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.jkva.maven-plugins:cascading-release-maven-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix. NOTE: This vulnerability has also been identified as: CVE-2020-2295. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). It does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. As of publication of this advisory, there is no fix. NOTE: This vulnerability has also been identified as: CVE-2020-2294. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for | [0,) |