Jenkins - Coverity CVE - OpenCVE

Filtered by vendor Jenkins Subscriptions

Filtered by product Coverity Subscriptions

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-1000104	1 Jenkins	1 Coverity	2024-09-16	N/A
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
CVE-2022-36921	1 Jenkins	1 Coverity	2024-08-03	8.1 High
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2022-36919	1 Jenkins	1 Coverity	2024-08-03	4.3 Medium
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-36920	1 Jenkins	1 Coverity	2024-08-03	8.8 High
A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Page 1 of 1.