CVE-2019-10342
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10341
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
Information disclosure
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
Design/Logic Flaw
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10341
Summary: CVE-2019-10341 affects Jenkins Docker Plugin 1.1.6 and earlier. A missing permission check in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing crede...
CVE-2019-10342
CVE-2019-10342 describes a missing permission check in the Jenkins Docker Plugin (versions 1.1.6 and earlier) that allows users with Overall/Read access to enumerate credentials IDs stored in Jenkins via various fillCredentialsIdItems methods. The issue originates from inadequate authorization in...
CVE-2019-10340
Jenkins Docker Plugin ≤ 1.1.6 is affected by a cross-site request forgery via DockerAPI.DescriptorImpl#doTestConnection. The vulnerability allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials stor...
Echidna - Ethereum Fuzz Testing Framework
Echidna is a weird creature that eats bugs and is highly electrosensitive (with apologies to Jacob Stanley). More seriously, Echidna is a Haskell library designed for fuzzing/property-based testing of EVM code. It supports relatively sophisticated grammar-based fuzzing campaigns to falsify a variety...
PT-2019-11740 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier. Description: A missing permission check in the DockerAPI.DescriptorImpl#doTestConnection function allowed users with Overall/Read access to connect to an attacker-specified URL using...
PT-2019-11739 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier. Description: A cross-site request forgery issue allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing...
PT-2019-11741 · Jenkins · Jenkins Docker Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Plugin versions 1.1.6 and earlier. Description: A missing permission check in the Jenkins Docker Plugin allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. This issue is related t...
Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack
Microsoft today released its monthly batch of software security updates for July to patch a total of 77 vulnerabilities: 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows...
Docker Elevation of Privilege Vulnerability
Summary: CVE-2018-15664 describes a vulnerability in the Docker runtime and the underlying community project, Moby, wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that th...
KLA11821 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Automation can be exploited remotely to gain privileges. 2. An elevation o...