
194 matches found

OSV
added 2019/08/07 3:15 p.m. · 12 views

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 2

CVE
added 2019/08/07 2:20 p.m. · 72 views

CVE-2019-10372

The CVE-2019-10372 issue affects Jenkins with the Gitlab Authentication Plugin (version 1.4 and earlier). The root cause is in GitLabSecurityRealm.java, where the plugin redirects users to a URL outside Jenkins after successful login, enabling an open redirect. Public sources in the connected doc...

6.1 CVSS · 6.1 AI score · 0.00054 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/08/07 2:20 p.m. · 14 views

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login...

6.2 AI score · 0.00054 EPSS
Exploits 0 · References 2

CVE
added 2019/08/07 2:20 p.m. · 58 views

CVE-2019-10371

CVE-2019-10371 describes a session fixation vulnerability in Jenkins Gitlab Authentication Plugin versions 1.4 and earlier, arising from GitLabSecurityRealm.java that allows an attacker who can control the pre-authentication session to impersonate another user. Affected software: Jenkins Gitlab A...

7.5 CVSS · 7.4 AI score · 0.00055 EPSS
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2019/05/31 12:0 a.m. · 27 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1381-1)

This update for rmt-server to version 2.1.4 fixes the following issues: Fix duplicate nginx location in rmt-server-pubcloud (bsc1135222); Mirror additional repos that were enabled during mirroring (bsc1132690); Make service IDs consistent across different RMT instances (bsc1134428); Make SMT data import...

9.8 CVSS · 7.2 AI score · 0.12118 EPSS
Exploits 3 · References 17

NVD
added 2019/05/21 1:29 p.m. · 9 views

CVE-2019-10319

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1, in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...

4.3 CVSS · 4.4 AI score · 0.00036 EPSS
Exploits 0 · References 2

Prion
added 2019/05/21 1:29 p.m. · 10 views

Information disclosure

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1, in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...

4 CVSS · 4.4 AI score · 0.00036 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2019/05/21 1:0 p.m. · 48 views

CVE-2019-10319

CVE-2019-10319 affects Jenkins PAM Authentication Plugin (versions 1.5 and earlier, except 1.4.1). The root cause is a missing permission check in PamSecurityRealm.doTest, which allowed users with Overall/Read permission to view limited information about /etc/shadow and the user Jenkins runs as. ...

4.3 CVSS · 4.3 AI score · 0.00036 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/05/21 12:0 a.m. · 2 views

PT-2019-11721 · Jenkins · Jenkins Pam Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins PAM Authentication Plugin versions 1.5 and earlier, except version 1.4.1
Description: A missing permission check in the PamSecurityRealm.DescriptorImpl#doTest function allowed users with Overall/Read permission to obtain limited...

4.3 CVSS · 4.2 AI score · 0.00036 EPSS
Exploits 0 · References 4

CVE
added 2019/04/30 12:25 p.m. · 53 views

CVE-2019-10315

CVE-2019-10315: Jenkins GitHub Authentication Plugin versions 0.31 and earlier did not validate the OAuth state parameter, enabling CSRF exposure. Exploitation could allow an attacker to capture the OAuth redirect URL and, if the victim is already authenticated in Jenkins, attach the victim’s Je...

8.8 CVSS · 8.7 AI score · 0.00104 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2019/04/04 12:0 a.m. · 3 views

PT-2019-11682 · Jenkins · Jenkins Assembla Auth Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkins master. This allows users with access ...

8.8 CVSS · 8.4 AI score · 0.00075 EPSS
Exploits 0 · References 5

CNVD
added 2019/02/12 12:0 a.m. · 1 views

CloudBees Jenkins GitHub Authentication Plugin Session Fixation Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. GitHub Authentication Plugin is used in which ...

5.9 CVSS · 7 AI score · 0.00032 EPSS
Exploits 0 · References 1

Prion
added 2019/02/06 4:29 p.m. · 11 views

Design/Logic Flaw

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve t...

4.3 CVSS · 4.5 AI score · 0.00038 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2019/02/06 4:29 p.m. · 9 views

CVE-2019-1003018

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the...

4.3 CVSS · 6.3 AI score
Exploits 0 · References 1

NVD
added 2019/02/06 4:29 p.m. · 12 views

CVE-2019-1003021

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve t...

4.3 CVSS · 4.5 AI score · 0.00038 EPSS
Exploits 0 · References 1

Prion
added 2019/02/06 4:29 p.m. · 14 views

Session fixation

A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

4.3 CVSS · 5.7 AI score · 0.00032 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/02/06 4:0 p.m. · 11 views

CVE-2019-1003021

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve t...

4.4 AI score · 0.00038 EPSS
Exploits 0 · References 1

CVE
added 2019/02/06 4:0 p.m. · 54 views

CVE-2019-1003018

CVE-2019-1003018 affects Jenkins GitHub Authentication Plugin 0.29 and earlier. The vulnerability lies in GithubSecurityRealm/config.jelly, allowing an attacker who can view a Jenkins administrator’s browser output (or influence the browser via a malicious extension) to retrieve the configured cl...

4.3 CVSS · 4.4 AI score · 0.00038 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2019/02/06 4:0 p.m. · 14 views

CVE-2019-1003018

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the...

4.4 AI score · 0.00038 EPSS
Exploits 0 · References 1

Positive Technologies
added 2019/02/06 12:0 a.m. · 7 views

PT-2019-11316 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Authentication Plugin versions 0.29 and earlier
Description: An exposure of sensitive information issue exists that allows attackers, who can view a Jenkins administrator's web browser output or control the browser, to retrieve...

4.3 CVSS · 4.3 AI score · 0.00038 EPSS
Exploits 0 · References 6