Filtered by vendor Jenkins
Total: 1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10297 | 1 Jenkins | 1 Sametime | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10315 | 1 Jenkins | 1 Github Authentication | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | |||||
CVE-2019-10385 | 1 Jenkins | 1 Eggplant | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10382 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
CVE-2019-10325 | 1 Jenkins | 1 Warnings Next Generation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages. | |||||
CVE-2019-10302 | 1 Jenkins | 1 Jira-ext | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10335 | 1 Jenkins | 1 Electricflow | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages. | |||||
CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003068 | 1 Jenkins | 1 Vmware Vrealize Automation | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003054 | 1 Jenkins | 1 Jira Issue Updater | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10367 | 1 Jenkins | 1 Configuration As Code | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | |||||
CVE-2019-1003081 | 1 Jenkins | 1 Openshift Deployer | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10358 | 1 Jenkins | 1 Maven | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log. | |||||
CVE-2019-1003034 | 2 Jenkins, Redhat | 2 Job Dsl, Openshift Container Platform | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. | |||||
CVE-2019-1003072 | 1 Jenkins | 1 Wildfly Deployer | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10380 | 1 Jenkins | 1 Simple Travis Pipeline Runner | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | |||||
CVE-2019-10304 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10383 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | |||||
CVE-2019-1003030 | 2 Jenkins, Redhat | 2 Pipeline, Openshift Container Platform | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. |