Filtered by vendor Jenkins
Total: 1395 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10369 | 1 Jenkins | 1 Jclouds | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-10366 | 1 Jenkins | 1 Skytap Cloud Ci | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10385 | 1 Jenkins | 1 Eggplant | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10378 | 1 Jenkins | 1 Testlink | 2020-10-01 | 2.1 LOW | 5.3 MEDIUM |
Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10380 | 1 Jenkins | 1 Simple Travis Pipeline Runner | 2020-10-01 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | |||||
CVE-2019-10389 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
CVE-2019-10409 | 1 Jenkins | 1 Project Inheritance | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates. | |||||
CVE-2019-10455 | 1 Jenkins | 1 Rundeck | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2019-10457 | 1 Jenkins | 1 Oracle Cloud Infrastructure Compute Classic | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2019-10445 | 1 Jenkins | 1 Google Kubernetes Engine | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. | |||||
CVE-2019-10442 | 1 Jenkins | 1 Icescrum | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
CVE-2019-10439 | 1 Jenkins | 1 Crx Content Package Deployer | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2019-10438 | 1 Jenkins | 1 Crx Content Package Deployer | 2020-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2020-10-01 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2285 | 1 Jenkins | 1 Liquibase Runner | 2020-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |