Filtered by vendor Jenkins
Total: 1603 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1003037 | 1 Jenkins | 1 Azure Vm Agents | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2019-1003059 | 1 Jenkins | 1 Ftp Publisher | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10328 | 1 Jenkins | 1 Pipeline Remote Loader | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
CVE-2019-10327 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. | |||||
CVE-2019-1010241 | 1 Jenkins | 1 Credentials Binding | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job. | |||||
CVE-2019-1003046 | 1 Jenkins | 1 Fortify On Demand Uploader | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10294 | 1 Jenkins | 1 Kmap | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003055 | 1 Jenkins | 1 Ftp Publisher | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
CVE-2019-10319 | 1 Jenkins | 1 Pluggable Authentication Module | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1, in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as. | |||||
CVE-2019-1003091 | 1 Jenkins | 1 Soasta Cloudtest | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10378 | 1 Jenkins | 1 Testlink | 2023-12-10 | 2.1 LOW | 5.3 MEDIUM |
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10397 | 1 Jenkins | 1 Aqua Security Severless Scanner | 2023-12-10 | 2.6 LOW | 3.1 LOW |
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
CVE-2019-1003058 | 1 Jenkins | 1 Ftp Publisher | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003070 | 1 Jenkins | 1 Veracode-scanner | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003092 | 1 Jenkins | 1 Nomad | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-10360 | 1 Jenkins | 1 M2 Release | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. | |||||
CVE-2019-1003060 | 1 Jenkins | 1 Official Owasp Zap | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |