Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23118 | 1 Jenkins | 1 Debian Package Builder | 2022-01-19 | 9.0 HIGH | 8.8 HIGH |
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | |||||
CVE-2020-2125 | 1 Jenkins | 1 Debian Package Builder | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. |