Filtered by vendor Jenkins
Subscribe
Total
1395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2019-10-18 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2019-10-18 | 2.1 LOW | 3.3 LOW |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2019-10-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2019-10-18 | 2.1 LOW | 7.8 HIGH |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10446 | 1 Jenkins | 1 Cadence Vmanager | 2019-10-18 | 6.4 MEDIUM | 8.2 HIGH |
| Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10448 | 1 Jenkins | 1 Extensive Testing | 2019-10-18 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10444 | 1 Jenkins | 1 Bumblebee Hp Alm | 2019-10-18 | 6.4 MEDIUM | 6.5 MEDIUM |
| Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | |||||
| CVE-2019-10454 | 1 Jenkins | 1 Rundeck | 2019-10-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10456 | 1 Jenkins | 1 Oracle Cloud Infrastructure Compute Classic | 2019-10-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-1003028 | 1 Jenkins | 1 Jms Messaging | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. | |||||
| CVE-2019-10432 | 1 Jenkins | 1 Html Publisher | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the project and build display names in the HTML report frame, resulting in a cross-site scripting vulnerability exploitable by users able to change those. | |||||
| CVE-2019-10431 | 1 Jenkins | 1 Script Security | 2019-10-09 | 6.5 MEDIUM | 9.9 CRITICAL |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
| CVE-2019-10368 | 1 Jenkins | 1 Jclouds | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10304 | 1 Jenkins | 1 Xebialabs Xl Deploy | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10292 | 1 Jenkins | 1 Kmap | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10278 | 1 Jenkins | 1 Jenkins-reviewbot | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-10289 | 1 Jenkins | 1 Netsparker Cloud Scan | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003027 | 1 Jenkins | 1 Octopusdeploy | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | |||||
| CVE-2019-1003026 | 1 Jenkins | 1 Mattermost | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | |||||
| CVE-2019-1003023 | 1 Jenkins | 1 Warnings Next Generation | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | |||||