Total
1070 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-10313 | 1 Jenkins | 1 Twitter | 2024-08-04 | 8.8 High |
Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10281 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2024-08-04 | 8.8 High |
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10225 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-08-04 | 6.3 Medium |
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. | ||||
CVE-2019-10205 | 1 Redhat | 1 Quay | 2024-08-04 | 6.3 Medium |
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write container images stored in the registry. | ||||
CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2024-08-04 | 8.8 High |
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2024-08-04 | 8.8 High |
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10277 | 1 Jenkins | 1 Starteam | 2024-08-04 | 8.8 High |
Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10288 | 1 Jenkins | 1 Jabber Server | 2024-08-04 | 8.8 High |
Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2024-08-04 | 8.8 High |
Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10294 | 1 Jenkins | 1 Kmap | 2024-08-04 | 8.8 High |
Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10298 | 1 Jenkins | 1 Koji | 2024-08-04 | 8.8 High |
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10303 | 1 Jenkins | 1 Azure Publishersettings Credentials | 2024-08-04 | 8.8 High |
Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
CVE-2019-10291 | 1 Jenkins | 1 Netsparker Cloud Scan | 2024-08-04 | 8.8 High |
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
CVE-2019-10297 | 1 Jenkins | 1 Sametime | 2024-08-04 | 8.8 High |
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2024-08-04 | 8.8 High |
Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
CVE-2019-10302 | 1 Jenkins | 1 Jira-ext | 2024-08-04 | 8.8 High |
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
CVE-2019-10299 | 1 Jenkins | 1 Cloudcoreo Deploytime | 2024-08-04 | 8.8 High |
Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
CVE-2019-10239 | 1 Robotronic | 1 Runasspc | 2024-08-04 | N/A |
Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently, which allows locally authenticated attackers (under the same user context) to obtain cleartext credentials of the stored account. | ||||
CVE-2019-10295 | 1 Jenkins | 1 Crittercism-dsym | 2024-08-04 | 8.8 High |
Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2024-08-04 | 8.8 High |
Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |