Filtered by vendor Jenkins
Subscribe
Total
1608 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1003055 | 1 Jenkins | 1 Ftp Publisher | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003054 | 1 Jenkins | 1 Jira Issue Updater | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003053 | 1 Jenkins | 1 Hockeyapp | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003052 | 1 Jenkins | 1 Aws Elastic Beanstalk Publisher | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003051 | 1 Jenkins | 1 Irc | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003050 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | |||||
CVE-2019-1003049 | 3 Jenkins, Oracle, Redhat | 3 Jenkins, Communications Cloud Native Core Automated Test Suite, Openshift Container Platform | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | |||||
CVE-2019-1003048 | 1 Jenkins | 1 Prqa | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. | |||||
CVE-2019-1003047 | 1 Jenkins | 1 Fortify On Demand Uploader | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-1003046 | 1 Jenkins | 1 Fortify On Demand Uploader | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. | |||||
CVE-2019-1003044 | 1 Jenkins | 1 Slack Notification | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-1003043 | 1 Jenkins | 1 Slack Notification | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2019-1003042 | 1 Jenkins | 1 Lockable Resources | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | |||||
CVE-2019-1003041 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift Container Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | |||||
CVE-2019-1003040 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | |||||
CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
CVE-2019-1003038 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. | |||||
CVE-2019-1003037 | 1 Jenkins | 1 Azure Vm Agents | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2019-1003036 | 1 Jenkins | 1 Azure Vm Agents | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. | |||||
CVE-2019-1003035 | 1 Jenkins | 1 Azure Vm Agents | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. |