189 matches found
CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters...
JetBrains TeamCity 日志信息泄露漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports. A log information disclosure vulnerability exists in JetBrains TeamCit...
Cross-Site Scripting (XSS)
jenkins-2-plugins is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in extraAttributes of POSTHyperlinkNote.java because URLs of these hyperlinks in build logs are not properly encoded which allows an attacker to inject malicious scripts and create pipelines...
GHSA-64R9-X74Q-WXMH Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
CVE-2022-43409
Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...
GHSA-JXMW-3GXF-FPRH Improper masking of credentials Jenkins in Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git Username and Password gitUsernamePassword credentials binding...
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git Username and Password gitUsernamePassword credentials binding...
Jenkins Plugin Git 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
CVE-2022-36321
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...
JetBrains TeamCity 日志信息泄露漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A log information disclosure vulnerability exists in...
Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens
An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs o...
GHSA-RWH3-5G7V-3C5M Password written to the build log by Jenkins SQLPlus Script Runner Plugin
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs. This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission. Jenkins SQLPlus Script Runner...
Password written to the build log by Jenkins SQLPlus Script Runner Plugin
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs. This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission. Jenkins SQLPlus Script Runner...
Maven Integration Plugin did not mask sensitive values in module build logs
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
GHSA-42M6-7XFF-9V9M Improper Neutralization of Input During Web Page Generation in Jenkins
Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes SECURITY-382. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins...
Woodpecker allows cross-site scripting (XSS) via build logs
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...
GHSA-VMP5-C5HP-6C65 Woodpecker allows cross-site scripting (XSS) via build logs
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...
CVE-2022-29947
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...