Lucene search
K

189 matches found

OSV
OSV
added 2022/11/03 2:15 p.m.6 views

CVE-2022-44624

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters...

7.5CVSS5.8AI score0.00534EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.6 views

JetBrains TeamCity 日志信息泄露漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports. A log information disclosure vulnerability exists in JetBrains TeamCit...

7.5CVSS7.4AI score0.00534EPSS
Exploits0References2
Veracode
Veracode
added 2022/10/20 2:53 p.m.25 views

Cross-Site Scripting (XSS)

jenkins-2-plugins is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in extraAttributes of POSTHyperlinkNote.java because URLs of these hyperlinks in build logs are not properly encoded which allows an attacker to inject malicious scripts and create pipelines...

5.4CVSS6.1AI score0.00655EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/10/19 7:0 p.m.29 views

GHSA-64R9-X74Q-WXMH Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin

Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...

8CVSS6.5AI score0.00655EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.33 views

Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin

Pipeline: Supporting APIs Plugin provides a feature to add hyperlinks, that send POST requests when clicked, to build logs. These links are used by Pipeline: Input Step Plugin to allow users to proceed or abort the build, or by Pipeline: Job Plugin to allow users to forcibly terminate the build...

5.4CVSS5.7AI score0.00655EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/10/19 4:15 p.m.4 views

CVE-2022-43409

Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...

5.4CVSS5.7AI score0.00655EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.37 views

CVE-2022-43409

Jenkins Pipeline: Supporting APIs Plugin 838.va3a087b4055b and earlier does not sanitize or properly encode URLs of hyperlinks sending POST requests in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create Pipelines...

5.6AI score0.00655EPSS
Exploits0References2
OSV
OSV
added 2022/08/24 12:0 a.m.5 views

GHSA-JXMW-3GXF-FPRH Improper masking of credentials Jenkins in Git Plugin

Jenkins Git Plugin 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git Username and Password gitUsernamePassword credentials binding...

4.3CVSS5.9AI score0.00781EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/08/23 5:15 p.m.4 views

CVE-2022-38663

Jenkins Git Plugin 4.11.4 and earlier does not properly mask i.e., replace with asterisks credentials in the build log provided by the Git Username and Password gitUsernamePassword credentials binding...

6.5CVSS5.8AI score0.00781EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.15 views

Jenkins Plugin Git 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS5.6AI score0.00781EPSS
Exploits0References5
OSV
OSV
added 2022/07/20 1:15 p.m.6 views

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases...

6.5CVSS5.8AI score0.01598EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/20 12:0 a.m.5 views

JetBrains TeamCity 日志信息泄露漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A log information disclosure vulnerability exists in...

6.5CVSS6.6AI score0.01598EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/06/14 9:30 a.m.34 views

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs o...

1AI score
Exploits0
OSV
OSV
added 2022/05/24 5:33 p.m.21 views

GHSA-RWH3-5G7V-3C5M Password written to the build log by Jenkins SQLPlus Script Runner Plugin

Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs. This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission. Jenkins SQLPlus Script Runner...

6.5CVSS6.5AI score0.00977EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:33 p.m.19 views

Password written to the build log by Jenkins SQLPlus Script Runner Plugin

Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier prints the sqlplus command invocation to the build logs. This log message does not redact a password provided as part of a command line argument. This password can be viewed by users with Item/Read permission. Jenkins SQLPlus Script Runner...

6.5CVSS6.4AI score0.00977EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 4:51 p.m.14 views

Maven Integration Plugin did not mask sensitive values in module build logs

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...

6.5CVSS6.8AI score0.0101EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/13 1:36 a.m.2 views

GHSA-42M6-7XFF-9V9M Improper Neutralization of Input During Web Page Generation in Jenkins

Jenkins before versions 2.44 and 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes SECURITY-382. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins...

5.4CVSS6.3AI score0.01058EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/04/30 12:0 a.m.32 views

Woodpecker allows cross-site scripting (XSS) via build logs

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...

6.1CVSS5.8AI score0.00632EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/04/30 12:0 a.m.23 views

GHSA-VMP5-C5HP-6C65 Woodpecker allows cross-site scripting (XSS) via build logs

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...

6.1CVSS5.9AI score0.00632EPSS
Exploits0References4
NVD
NVD
added 2022/04/29 9:15 p.m.22 views

CVE-2022-29947

Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping...

6.1CVSS0.00632EPSS
Exploits0References2
Rows per page
Query Builder