28 matches found
CVE-2019-16557
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
EUVD-2019-6913
Malware in sbrugna...
GHSA-X23M-8C2H-6WG7 Redgate SQL Change Automation Plugin stored credentials in plain text
Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...
Redgate SQL Change Automation Plugin stored credentials in plain text
Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...
GHSA-9HPQ-528P-48J3 Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
The vulnerability in the web interface of the Cisco Crosswork Change Automation software allows a malicious actor to execute arbitrary code in the context of the current user or disclose protected information.
The vulnerability of the Cisco Crosswork Change Automation software’s web interface exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user or disclose sensitive...
CVE-2019-16024
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
CVE-2019-16024
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
CVE-2019-16024 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
CVE-2019-16024
Cisco Crosswork Change Automation web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script in the user’s browser or acces...
CVE-2019-16024 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected system. The vulnerability is due to...
Unauthorized Access Vulnerability in CloudBees Jenkins Redgate SQL Change Automation Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Redgate SQL...
CVE-2020-2095
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2095
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2095
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2095
CVE-2020-2095 affects the Jenkins Redgate SQL Change Automation Plugin (versions 2.0.4 and earlier). The vulnerability arises because an API key is stored unencrypted in job config.xml files on the Jenkins master, allowing viewing by users with Extended Read permission or access to the master fil...
PT-2020-15301 · Redgate +1 · Jenkins Redgate Sql Change Automation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Redgate SQL Change Automation Plugin versions 2.0.4 and earlier Description: The issue concerns the storage of an API key in an unencrypted form in job config.xml files on the Jenkins master. This allows users with Extended Read...
Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability
Cisco Crosswork Change Automation is an automated deployment solution for network devices from Cisco. A security vulnerability exists in the web management interface in Cisco Crosswork Change Automation Releases prior to 3.1, which stems from the interface failing to adequately validate...