RHCOS 4 : OpenShift Container Platform 4.5.41 (RHSA-2021:2431)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2431 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...

RHCOS 3 : OpenShift Container Platform 3.11.462 (RHSA-2021:2517)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2517 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...

EUVD-2022-5440

Malicious code in bioql PyPI...

EUVD-2022-5101

Malicious code in bioql PyPI...

EUVD-2022-3337

Malicious code in bioql PyPI...

EUVD-2022-2798

Malicious code in bioql PyPI...

CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin

A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask replace with asterisks credentials specified in configuration files when they're written to the build log...

CVE-2023-40339

A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask replace with asterisks credentials specified in configuration files when they're written to the build log...

Jenkins Config File Provider Plugin improper credential masking vulnerability

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...

Jenkins NodeJS Plugin improper credential masking vulnerability

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in...

GHSA-PV2G-VM98-VJXF Jenkins Config File Provider Plugin improper credential masking vulnerability

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...

GHSA-36FG-WHR2-G999 Jenkins NodeJS Plugin improper credential masking vulnerability

Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in a Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask i.e., replace with asterisks credentials specified in the Npm config file in...

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...

Code injection

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...

CVE-2023-40339

CVE-2023-40339 affects the Jenkins Config File Provider Plugin (versions including 952.va_544a_6234b_46 and earlier). The issue is that credentials specified in configuration files are not masked (not replaced with asterisks) when written to the build log, potentially exposing secrets. Public adv...

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...

CVE-2023-40339

Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask i.e., replace with asterisks credentials specified in configuration files when they're written to the build log...