CVE-2022-41255 · Design/Logic Flaw
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-41255
CVE-2022-41255 affects Jenkins with the CONS3RT Plugin 1.0.0 and earlier. The vulnerability is that the Cons3rt API token is stored unencrypted in job config.xml files on the Jenkins controller, where it can be viewed by users who have access to the controller filesystem. The available sources co...
PT-2022-25771 · Jenkins · Jenkins Cons3Rt Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CONS3RT Plugin versions 1.0.0 and earlier Description: The issue allows users with access to the Jenkins controller file system to view the Cons3rt API token, which is stored unencrypted in job config.xml files on the Jenkins...
IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-55635)
IBM Security Verify Information Queue is an integration product from IBM of America, Inc. It leverages Kafka technology and a publish/subscribe model to integrate data between IBM Security products. IBM Security Verify Information Queue version 10.0.2 is vulnerable to an information disclosure...
Security Bulletin: A failed attempt to regenerate an IBM Security Verify Information Queue API token reveals sensitive data (CVE-2022-35288)
Summary: When a malformed request to regenerate an external API token is sent to IBM Security Verify Information Queue (ISIQ) v10.0.2, the resulting error message reveals sensitive data. ISIQ v10.0.3 has remediated this information exposure vulnerability. CVE-2022-35288 Vulnerability Details...
MAL-2022-1043 Malicious code in api-token-admin (npm)
Source: ghsa-malware a4535f9c2f971a7fb10b59773cacb4968e9535d554d6963279f71c3700c8c182 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-7HP3-5W4X-8F7C Jenkins SOASTA CloudTest Plugin stores API token in plain text
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there ...
GHSA-757G-M98V-6R49 Jenkins Sofy.AI Plugin stores API token in plain text
Jenkins Sofy.AI Plugin stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...
Jenkins does not invalidate the API token when a user is deleted
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token...
GHSA-3269-JQP5-V8C9 Jenkins allows for Privilege Escalation by Remote Authenticated Users
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users...
GHSA-FFJ8-W4RJ-VR7V ECS Publisher Plugin stored and displayed API token in plain text
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration...
CVE-2022-26672 · Hardcoded credentials
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modif...