← Back

M2release

m2release

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-10361
1Jenkins
1M2release
Jun 17, 2026
Jul 31, 2019
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
CVE-2019-10359
1Jenkins
1M2release
Jun 17, 2026
Jul 31, 2019
N/A· v4
6.3 MEDIUM· v3
6.8 MEDIUM· v2
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.