Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10344 | 1 Jenkins | 1 Configuration As Code | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins. | |||||
| CVE-2019-10400 | 1 Jenkins | 1 Script Security | 2023-12-10 | 4.9 MEDIUM | 4.2 MEDIUM |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
| CVE-2019-10350 | 1 Jenkins | 1 Port Allocator | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10391 | 1 Jenkins | 1 Ibm Application Security On Cloud | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2019-1003089 | 1 Jenkins | 1 Upload To Pgyer | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10388 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
| CVE-2019-10289 | 1 Jenkins | 1 Netsparker Cloud Scan | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10398 | 1 Jenkins | 1 Beaker Builder | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10282 | 1 Jenkins | 1 Klaros-testmanagement | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10318 | 1 Jenkins | 1 Azure Ad | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | |||||
| CVE-2019-1003043 | 1 Jenkins | 1 Slack Notification | 2023-12-10 | 3.5 LOW | 7.5 HIGH |
| A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10292 | 1 Jenkins | 1 Kmap | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10293 | 1 Jenkins | 1 Kmap | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003088 | 1 Jenkins | 1 Fabric Beta Publisher | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003069 | 1 Jenkins | 1 Aqua Security Scanner | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003067 | 1 Jenkins | 1 Trac Publisher | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003097 | 1 Jenkins | 1 Crowd Integration | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003041 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift Container Platform | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | |||||
| CVE-2019-10362 | 1 Jenkins | 1 Configuration As Code | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables. | |||||