Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.7 views

CVE-2019-16557

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS7.3AI score0.00852EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-6913

Malware in sbrugna...

6.1CVSS6.3AI score0.00801EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:6 p.m.19 views

GHSA-X23M-8C2H-6WG7 Redgate SQL Change Automation Plugin stored credentials in plain text

Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...

4.3CVSS4.9AI score0.00855EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:6 p.m.30 views

Redgate SQL Change Automation Plugin stored credentials in plain text

Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...

4.3CVSS5.3AI score0.00855EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/24 5:3 p.m.14 views

GHSA-9HPQ-528P-48J3 Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.6AI score0.00852EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:3 p.m.27 views

Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS3.9AI score0.00852EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/03/04 12:0 a.m.4 views

The vulnerability in the web interface of the Cisco Crosswork Change Automation software allows a malicious actor to execute arbitrary code in the context of the current user or disclose protected information.

The vulnerability of the Cisco Crosswork Change Automation software’s web interface exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user or disclose sensitive...

5.8CVSS6.4AI score0.00801EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/01/26 5:15 a.m.23 views

CVE-2019-16024

A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

6.1CVSS5.9AI score0.00801EPSS
Exploits0References1
OSV
OSV
added 2020/01/26 5:15 a.m.3 views

CVE-2019-16024

A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

6.1CVSS6AI score0.00801EPSS
Exploits0References1
Prion
Prion
added 2020/01/26 5:15 a.m.14 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

4.3CVSS5.9AI score0.00801EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/01/26 4:45 a.m.30 views

CVE-2019-16024 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

6.1CVSS5.9AI score0.00801EPSS
Exploits0References1
CVE
CVE
added 2020/01/26 4:45 a.m.122 views

CVE-2019-16024

Cisco Crosswork Change Automation web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script in the user’s browser or acces...

6.1CVSS5.9AI score0.00801EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2020/01/26 4:45 a.m.8 views

CVE-2019-16024 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...

6.1CVSS6AI score0.00801EPSS
Exploits0References1
CNVD
CNVD
added 2020/01/22 12:0 a.m.1 views

Unauthorized Access Vulnerability in CloudBees Jenkins Redgate SQL Change Automation Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Redgate SQL...

4.3CVSS7.5AI score0.00855EPSS
Exploits0References1
NVD
NVD
added 2020/01/15 4:15 p.m.25 views

CVE-2020-2095

Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS4.9AI score0.00855EPSS
Exploits0References1
OSV
OSV
added 2020/01/15 4:15 p.m.15 views

CVE-2020-2095

Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS7.1AI score
Exploits0References1
Cvelist
Cvelist
added 2020/01/15 3:15 p.m.29 views

CVE-2020-2095

Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

4.9AI score0.00855EPSS
Exploits0References1
CVE
CVE
added 2020/01/15 3:15 p.m.64 views

CVE-2020-2095

CVE-2020-2095 affects the Jenkins Redgate SQL Change Automation Plugin (versions 2.0.4 and earlier). The vulnerability arises because an API key is stored unencrypted in job config.xml files on the Jenkins master, allowing viewing by users with Extended Read permission or access to the master fil...

4.3CVSS4.9AI score0.00855EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/01/15 12:0 a.m.3 views

PT-2020-15301 · Redgate +1 · Jenkins Redgate Sql Change Automation Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Redgate SQL Change Automation Plugin versions 2.0.4 and earlier Description: The issue concerns the storage of an API key in an unencrypted form in job config.xml files on the Jenkins master. This allows users with Extended Read...

4.3CVSS4.8AI score0.00855EPSS
Exploits0References6
CNVD
CNVD
added 2020/01/09 12:0 a.m.2 views

Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability

Cisco Crosswork Change Automation is an automated deployment solution for network devices from Cisco. A security vulnerability exists in the web management interface in Cisco Crosswork Change Automation Releases prior to 3.1, which stems from the interface failing to adequately validate...

6.1CVSS7.4AI score0.00801EPSS
Exploits0References1
Rows per page
Query Builder