Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10303 | 1 Jenkins | 1 Azure Publishersettings Credentials | 2024-08-04 | 8.8 High |
| Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10278 | 1 Jenkins | 1 Jenkins-reviewbot | 2024-08-04 | N/A |
| A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10306 | 1 Jenkins | 1 Ontrack | 2024-08-04 | 9.9 Critical |
| A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM. | ||||
| CVE-2019-10297 | 1 Jenkins | 1 Sametime | 2024-08-04 | 8.8 High |
| Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10291 | 1 Jenkins | 1 Netsparker Cloud Scan | 2024-08-04 | 8.8 High |
| Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10287 | 1 Jenkins | 1 Youtrack-plugin | 2024-08-04 | 8.8 High |
| Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10279 | 1 Jenkins | 1 Jenkins-reviewbot | 2024-08-04 | 6.5 Medium |
| A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10302 | 1 Jenkins | 1 Jira-ext | 2024-08-04 | 8.8 High |
| Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10299 | 1 Jenkins | 1 Cloudcoreo Deploytime | 2024-08-04 | 8.8 High |
| Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10295 | 1 Jenkins | 1 Crittercism-dsym | 2024-08-04 | 8.8 High |
| Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10290 | 1 Jenkins | 1 Netsparker Cloud Scan | 2024-08-04 | 6.5 Medium |
| A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | ||||
| CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2024-08-04 | 8.8 High |
| Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10296 | 1 Jenkins | 1 Serena Sra Deploy | 2024-08-04 | 8.8 High |
| Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2024-08-04 | 8.8 High |
| Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10282 | 1 Jenkins | 1 Klaros-testmanagement | 2024-08-04 | 8.8 High |
| Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2020-2319 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2024-08-04 | 6.5 Medium |
| Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2308 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | ||||
| CVE-2020-2301 | 1 Jenkins | 1 Active Directory | 2024-08-04 | 9.8 Critical |
| Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | ||||
| CVE-2020-2315 | 1 Jenkins | 1 Visualworks Store | 2024-08-04 | 6.5 Medium |
| Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2024-08-04 | 7.5 High |
| Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||