Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1003095 | 1 Jenkins | 1 Perfecto Mobile | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003096 | 1 Jenkins | 1 Testfairy | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003085 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10300 | 1 Jenkins | 1 Gitlab | 2023-12-10 | 3.5 LOW | 8.0 HIGH |
| A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10278 | 1 Jenkins | 1 Jenkins-reviewbot | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10306 | 1 Jenkins | 1 Ontrack | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2019-1003042 | 1 Jenkins | 1 Lockable Resources | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | |||||
| CVE-2019-10320 | 1 Jenkins | 1 Credentials | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate. | |||||
| CVE-2019-1003076 | 1 Jenkins | 1 Audit To Database | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10354 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information. | |||||
| CVE-2019-10359 | 1 Jenkins | 1 M2release | 2023-12-10 | 6.8 MEDIUM | 6.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options. | |||||
| CVE-2019-10337 | 1 Jenkins | 1 Token Macro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control a the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2019-10390 | 1 Jenkins | 1 Splunk | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earlier allowed attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | |||||
| CVE-2019-10345 | 1 Jenkins | 1 Configuration As Code | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||||
| CVE-2019-10376 | 1 Jenkins | 1 Wall Display | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | |||||
| CVE-2019-10364 | 1 Jenkins | 1 Ec2 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log. | |||||
| CVE-2019-1003066 | 1 Jenkins | 1 Bugzilla | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10351 | 1 Jenkins | 1 Caliper Ci | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003071 | 1 Jenkins | 1 Octopusdeploy | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||