Lucene search
+L

191 matches found

CNNVD
CNNVD
added 2023/09/06 12:0 a.m.8 views

Jenkins Plugin Pipeline Maven Integration Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.7AI score0.00544EPSS
Exploits0References4
OSV
OSV
added 2023/08/16 3:30 p.m.49 views

GHSA-36FG-WHR2-G999 Jenkins NodeJS Plugin improper credential masking vulnerability

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in...

4.3CVSS7.5AI score0.0053EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/08/16 3:30 p.m.45 views

Jenkins NodeJS Plugin improper credential masking vulnerability

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in...

7.5CVSS7.5AI score0.0053EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/08/16 3:15 p.m.34 views

CVE-2023-40340

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in Pipeline build logs...

7.5CVSS7.5AI score0.0053EPSS
Exploits0References2
Prion
Prion
added 2023/08/16 3:15 p.m.27 views

Code injection

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...

5CVSS7.5AI score0.00651EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/08/16 2:32 p.m.255 views

CVE-2023-40340

Summary of CVE-2023-40340: The Jenkins NodeJS Plugin (versions ≤ 1.6.0) fails to mask credentials in the Npm config file as they appear in Pipeline build logs. This improper masking can expose credentials, per the Red Hat and NVD entries, which align on the affected plugin and version range. The ...

7.5CVSS7.5AI score0.0053EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/26 3:30 p.m.2 views

GHSA-69VW-3PCM-84RW Jenkins Stored Cross-site Scripting vulnerability

Jenkins applies formatting to the console output of builds, transforming plain URLs into hyperlinks. Jenkins 2.415 and earlier, 2.414 and earlier, and LTS 2.401.2 and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting...

8CVSS5.9AI score0.00862EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/07/26 3:30 p.m.34 views

Jenkins Stored Cross-site Scripting vulnerability

Jenkins applies formatting to the console output of builds, transforming plain URLs into hyperlinks. Jenkins 2.415 and earlier, 2.414 and earlier, and LTS 2.401.2 and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting...

5.4CVSS4.9AI score0.00862EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2023/07/26 2:15 p.m.25 views

CVE-2023-39151

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

5.4CVSS5.8AI score0.00862EPSS
Exploits0
Prion
Prion
added 2023/07/26 2:15 p.m.30 views

Cross site scripting

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

4.9CVSS5.1AI score0.00862EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/26 1:54 p.m.34 views

CVE-2023-39151

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

5.6AI score0.00862EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/26 1:54 p.m.28 views

CVE-2023-39151

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

5.4AI score0.00862EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.4 views

PT-2023-26808 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.415 and earlier Jenkins LTS versions 2.401.2 and earlier Description: The issue is related to the transformation of URLs in build logs into hyperlinks, which are not properly sanitized or encoded. This results in a stored...

8CVSS5.6AI score0.00862EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.5 views

Jenkins Gradle Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.4AI score0.00637EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.25 views

FreeBSD : jenkins -- Stored XSS vulnerability (a0321b74-031d-485c-bb76-edd75256a6f0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a0321b74-031d-485c-bb76-edd75256a6f0 advisory. - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build...

5.4CVSS6.2AI score0.00862EPSS
Exploits0References3
OSV
OSV
added 2023/05/16 5:15 p.m.5 views

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS5.8AI score0.00601EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.45 views

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.7AI score0.00601EPSS
Exploits0References1
OSV
OSV
added 2023/04/12 6:30 p.m.20 views

GHSA-V5HQ-CQQR-6W4G Jenkins Kubernetes Plugin does not properly mask credentials

Multiple Jenkins plugins do not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an agent typically inside a node block. -...

4.3CVSS7.5AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2023/04/12 6:15 p.m.4 views

CVE-2023-30514

Jenkins Azure Key Vault Plugin 187.vacd5fecd198a and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS7.1AI score0.0048EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/12 12:0 a.m.9 views

Jenkins Plugin Kubernetes 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.2AI score0.00491EPSS
Exploits0References4
Rows per page
Query Builder