Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1003098 | 1 Jenkins | 1 Openid | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10370 | 1 Jenkins | 1 Mask Passwords | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. | |||||
CVE-2019-1003087 | 1 Jenkins | 1 Chef Sinatra | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10374 | 1 Jenkins | 1 Pegdown Formatter | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI. | |||||
CVE-2019-1003052 | 1 Jenkins | 1 Aws Elastic Beanstalk Publisher | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10342 | 1 Jenkins | 1 Docker | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10366 | 1 Jenkins | 1 Skytap Cloud Ci | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003062 | 1 Jenkins | 1 Aws Cloudwatch Logs Publisher | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003036 | 1 Jenkins | 1 Azure Vm Agents | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | |||||
CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003048 | 1 Jenkins | 1 Prqa | 2023-12-10 | 2.1 LOW | 7.8 HIGH |
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | |||||
CVE-2019-10326 | 1 Jenkins | 1 Warnings Next Generation | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | |||||
CVE-2019-1003078 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10314 | 1 Jenkins | 1 Koji | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
CVE-2019-10387 | 1 Jenkins | 1 Xl Testview | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-1003050 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | |||||
CVE-2019-1003094 | 1 Jenkins | 1 Open Stf | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10377 | 1 Jenkins | 1 Avatar | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. | |||||
CVE-2019-10281 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |