Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Total 1608 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1003055 1 Jenkins 1 Ftp Publisher 2024-11-21 4.0 MEDIUM 8.8 HIGH
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-1003054 1 Jenkins 1 Jira Issue Updater 2024-11-21 4.0 MEDIUM 8.8 HIGH
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003053 1 Jenkins 1 Hockeyapp 2024-11-21 4.0 MEDIUM 8.8 HIGH
Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003052 1 Jenkins 1 Aws Elastic Beanstalk Publisher 2024-11-21 4.0 MEDIUM 8.8 HIGH
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-1003051 1 Jenkins 1 Irc 2024-11-21 4.0 MEDIUM 8.8 HIGH
Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-1003050 3 Jenkins, Oracle, Redhat 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform 2024-11-21 3.5 LOW 5.4 MEDIUM
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names.
CVE-2019-1003049 3 Jenkins, Oracle, Redhat 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform 2024-11-21 6.8 MEDIUM 8.1 HIGH
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches.
CVE-2019-1003048 1 Jenkins 1 Prqa 2024-11-21 2.1 LOW 7.8 HIGH
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.
CVE-2019-1003047 1 Jenkins 1 Fortify On Demand Uploader 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003046 1 Jenkins 1 Fortify On Demand Uploader 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003044 1 Jenkins 1 Slack Notification 2024-11-21 2.1 LOW 7.1 HIGH
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003043 1 Jenkins 1 Slack Notification 2024-11-21 3.5 LOW 7.5 HIGH
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2019-1003042 1 Jenkins 1 Lockable Resources 2024-11-21 3.5 LOW 5.4 MEDIUM
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin.
CVE-2019-1003041 2 Jenkins, Redhat 2 Pipeline\, Openshift Container Platform 2024-11-21 7.5 HIGH 9.8 CRITICAL
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
CVE-2019-1003040 2 Jenkins, Redhat 2 Script Security, Openshift Container Platform 2024-11-21 7.5 HIGH 9.8 CRITICAL
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
CVE-2019-1003039 1 Jenkins 1 Appdynamics 2024-11-21 4.0 MEDIUM 8.8 HIGH
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them.
CVE-2019-1003038 1 Jenkins 1 Repository Connector 2024-11-21 2.1 LOW 7.8 HIGH
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
CVE-2019-1003037 1 Jenkins 1 Azure Vm Agents 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2019-1003036 1 Jenkins 1 Azure Vm Agents 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent.
CVE-2019-1003035 1 Jenkins 1 Azure Vm Agents 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration.