Search Results (15 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2017-1000113 | 1 Jenkins | 1 Deploy | 2025-04-20 | N/A | The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords. |
CVE-2023-50775 | 1 Jenkins | 1 Deployment Dashboard | 2025-02-13 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to copy jobs. |
CVE-2022-36891 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 4.3 Medium | A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs. |
CVE-2022-36890 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 4.3 Medium | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. |
CVE-2022-36889 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 8.8 High | Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. |
CVE-2022-34799 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
CVE-2022-34798 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
CVE-2022-34797 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
CVE-2022-34796 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 4.3 Medium | A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
CVE-2022-34795 | 1 Jenkins | 1 Deployment Dashboard | 2024-11-21 | 5.4 Medium | Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. |
CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 5.4 Medium | Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. |
CVE-2020-2156 | 1 Jenkins | 1 Deployhub | 2024-11-21 | 4.3 Medium | Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
CVE-2019-10465 | 1 Jenkins | 1 Deploy Weblogic | 2024-11-21 | 4.3 Medium | A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. |
CVE-2019-10464 | 1 Jenkins | 1 Deploy Weblogic | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. |
CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2024-11-21 | 8.8 High | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |