Lucene search
K

189 matches found

Prion
Prion
added 2024/03/06 5:15 p.m.22 views

Default credentials

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...

6.3AI score0.00679EPSS
Exploits0References1
CVE
CVE
added 2024/03/06 5:1 p.m.88 views

CVE-2024-28154

CVE-2024-28154 affects the Jenkins MQ Notifier Plugin (versions 1.4.0 and earlier). The issue is an information disclosure vulnerability where debug logging may record sensitive build parameters in build logs by default. This logging behavior can expose confidential data to users with access to b...

6.5CVSS6.2AI score0.00679EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/06 5:1 p.m.13 views

CVE-2024-28154

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...

6.4AI score0.00679EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/06 5:1 p.m.32 views

CVE-2024-28154

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...

6.3AI score0.00679EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.6 views

PT-2024-22300 · Jenkins · Jenkins Mq Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MQ Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the logging of potentially sensitive build parameters as part of debug information in build logs by default. Recommendations: For Jenkins MQ Notifier Plugin...

6.5CVSS6.3AI score0.00679EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.5 views

Jenkins MQ Notifier Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.5AI score0.00679EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/02/12 10:27 a.m.6 views

jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin

A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask replace with asterisks credentials specified in configuration files when they're written to the build log...

7.5CVSS5.7AI score0.00651EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/10/09 12:0 a.m.7 views

The vulnerability of the Jenkins NodeJS plugin, related to errors in processing user credentials in the build log, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Jenkins NodeJS plugin is related to errors in processing user credentials in the build log. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.0053EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.25 views

Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes. Build Failure Analyzer Plugin 2.4.2 escapes Failure Cause...

5.4CVSS5.6AI score0.00521EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/20 5:15 p.m.25 views

CVE-2023-43499

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

5.4CVSS5.6AI score
Exploits0References2
Cvelist
Cvelist
added 2023/09/20 4:6 p.m.26 views

CVE-2023-43499

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

5.7AI score0.00521EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/20 4:6 p.m.13 views

CVE-2023-43499

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create or update Failure Causes...

5.4AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2023/09/06 1:15 p.m.22 views

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

5.3CVSS7AI score
Exploits0References2
NVD
NVD
added 2023/09/06 1:15 p.m.25 views

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

5.3CVSS5.7AI score0.00544EPSS
Exploits0References2
Prion
Prion
added 2023/09/06 1:15 p.m.20 views

Design/Logic Flaw

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

5CVSS5.2AI score0.00544EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/06 12:8 p.m.31 views

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

6AI score0.00544EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/06 12:8 p.m.17 views

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

6.7AI score0.00544EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/09/06 12:8 p.m.27 views

CVE-2023-41934

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

5.3CVSS7AI score0.00544EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/06 12:0 a.m.7 views

Jenkins Plugin Pipeline Maven Integration Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.7AI score0.00544EPSS
Exploits0References4
OSV
OSV
added 2023/08/16 3:30 p.m.30 views

GHSA-36FG-WHR2-G999 Jenkins NodeJS Plugin improper credential masking vulnerability

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in...

4.3CVSS7.5AI score0.0053EPSS
Exploits0References4
Rows per page
Query Builder