1270 matches found
CVE-2022-34804
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure...
CVE-2022-34803
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...
CVE-2022-34803
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure...
Design/Logic Flaw
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...
CVE-2022-34804
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure...
CVE-2022-34804
CVE-2022-34804 affects Jenkins OpsGenie Plugin 1.9 and earlier. The vulnerability described across multiple sources states that API keys are transmitted in plain text via the global Jenkins configuration form and job configuration forms, potentially exposing them. It also notes that API keys are ...
CVE-2022-34803
The CVE-2022-34803 entry concerns Jenkins OpsGenie Plugin 1.9 and earlier, which stores API keys unencrypted in the plugin’s global configuration file and in job config.xml on the Jenkins controller. The keys can be viewed by users with Extended Read permission (config.xml) or by anyone with acce...
CVE-2022-34803
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...
PT-2022-22355 · Jenkins · Jenkins Opsgenie Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier Description: The issue concerns the storage of API keys in an unencrypted manner within the global configuration file and job config.xml files on the Jenkins controller. These keys can be...
PT-2022-22356 · Jenkins · Jenkins Opsgenie Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier Description: The issue concerns the transmission and storage of API keys in plain text. Specifically, API keys are transmitted in plain text as part of the global Jenkins configuration form and...
Jenkins Plugin OpsGenie 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin OpsGenie 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...
CVE-2022-31884
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys...
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...
CVE-2022-31883
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...
Design/Logic Flaw
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference IDOR vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys...
CVE-2022-31884
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys...
CVE-2022-31884
CVE-2022-31884 affects Marval MSM v14.19.0.12476 and is due to Improper Access Control. A low-privilege user can delete other users’ API Keys, including high-privilege and Administrator keys. The connected documents describe exploitation potential and real-world use; there is no publicly document...
CVE-2022-31883
Marval MSM v14.19.0.12476 is affected by an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user can view other users’ API keys, including Admins’ API keys. Root cause: IDOR flaw in the application’s handling of user/API key access. Impact stated in the provided sources is ...