Lucene search

Jenkins Kmap Plugin Security Vulnerabilities

cve

CVE-2019-10294

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file...

8.8CVSS

8.6AI Score

0.003EPSS

2019-04-04 04:29 PM

cve

CVE-2019-10293

A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified...

6.5CVSS

6.2AI Score

0.001EPSS

2019-04-04 04:29 PM

cve

CVE-2019-10292

A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified...

6.5CVSS

6.3AI Score

0.002EPSS

2019-04-04 04:29 PM