1409 matches found

NVD
added 2019/04/04 4:29 p.m. · 10 views

CVE-2019-10280

Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 8.8 · AI score 8.7 · EPSS 0.00075
Exploits 0 · References 3
Positive Technologies
added 2019/04/04 12:00 a.m. · 3 views

PT-2019-11354 · Jenkins · Jenkins Aws-Device-Farm Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins aws-device-farm Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins aws-device-farm Plugin. Specifically,...

CVSS 8.8 · AI score 8.4 · EPSS 0.00078
Exploits 0 · References 7
Positive Technologies
added 2019/04/04 12:00 a.m. · 3 views

PT-2019-11682 · Jenkins · Jenkins Assembla Auth Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkins master. This allows users with access ...

CVSS 8.8 · AI score 8.4 · EPSS 0.00075
Exploits 0 · References 5
Positive Technologies
added 2019/04/04 12:00 a.m. · 3 views

PT-2019-11679 · Jenkins · Jenkins Starteam Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins StarTeam Plugin (affected versions not specified)
Description: The issue allows credentials to be stored unencrypted in job config.xml files on the Jenkins master. Users with Extended Read permission or access to the master file system...

CVSS 8.8 · AI score 8.5 · EPSS 0.00075
Exploits 0 · References 5
Positive Technologies
added 2019/04/04 12:00 a.m. · 4 views

PT-2019-11352 · Jenkins · Jenkins Aws Cloudwatch Logs Publisher Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins AWS CloudWatch Logs Publisher Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller...

CVSS 8.8 · AI score 8.5 · EPSS 0.00078
Exploits 0 · References 5
Positive Technologies
added 2019/04/04 12:00 a.m. · 2 views

PT-2019-11361 · Jenkins · Jenkins Octopusdeploy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...

CVSS 8.8 · AI score 8.5 · EPSS 0.00078
Exploits 0 · References 6
Positive Technologies
added 2019/04/04 12:00 a.m. · 2 views

PT-2019-11697 · Jenkins +1 · Jenkins Crittercism-Dsym Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins crittercism-dsym Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be...

CVSS 8.8 · AI score 8.5 · EPSS 0.00075
Exploits 0 · References 5
Positive Technologies
added 2019/04/04 12:00 a.m. · 2 views

PT-2019-11690 · Jenkins · Jenkins Jabber Server Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Jabber Server Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, credentia...

CVSS 8.8 · AI score 8.4 · EPSS 0.00075
Exploits 0 · References 5
Positive Technologies
added 2019/04/04 12:00 a.m. · 2 views

PT-2019-11344 · Jenkins · Jenkins Jira Issue Updater Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Jira Issue Updater Plugin (affected versions not specified)
Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be...

CVSS 8.8 · AI score 8.5 · EPSS 0.00108
Exploits 0 · References 5
Prion
added 2019/03/28 8:29 p.m. · 20 views

Privilege escalation

Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and importxiconfig.php...

CVSS 7.2 · AI score 7.7 · EPSS 0.00033
Exploits 2 · References 3 · Affected Software 1
OSV
added 2019/03/08 6:29 p.m. · 0 views

CVE-2019-1601

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker coul...

CVSS 7.8 · AI score 7.1
Exploits 0 · References 2
RedHat Linux
added 2019/02/20 2:11 p.m. · 2 views

jenkins-plugin-config-file-provider: Stored XSS vulnerability in Config File Provider Plugin (SECURITY-1253)

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVSS 4.8 · AI score 6.7 · EPSS 0.00064
Exploits 0 · References 5
Packet Storm
added 2019/02/14 12:00 a.m. · 79 views

ph7CMS Social Dating Community 14.8 Database Configuration Disclosure

Exploit Title: ph7CMS Social Dating Community 14.8 Database Config Disclosure
Author Discovered By: KingSkrupellos
Team: Cyberizm Digital Security Army
Date: 14/02/2019
Vendor Homepage: ph7cms.com
Software Download Link: ph7cms.com/social-dating-features/...

AI score 7.4
Exploits 0
NVD
added 2019/02/13 4:29 p.m. · 10 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 7.8 · AI score 6.5 · EPSS 0.00074
Exploits 0 · References 2
Prion
added 2019/02/13 4:29 p.m. · 14 views

Design/Logic Flaw

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 2.1 · AI score 7.5 · EPSS 0.00074
Exploits 0 · References 2 · Affected Software 1
OSV
added 2019/02/13 4:29 p.m. · 17 views

CVE-2019-3782

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 7.8 · AI score 6.7 · EPSS 0.00074
Exploits 0 · References 2
Cvelist
added 2019/02/13 4:00 p.m. · 10 views

CVE-2019-3782 CredHub CLI writes environment variable credentials to disk

Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent config file. A local authenticated malicious user with access to the CredHub CLI config file can use these credentials to retrieve and modify...

CVSS 6.3 · AI score 7.6 · EPSS 0.00074
Exploits 0 · References 2
Cloud Foundry
added 2019/02/11 12:00 a.m. · 71 views

CVE-2019-3782: CredHub CLI writes environment variable credentials to disk | Cloud Foundry

Severity: Medium
Vendor: Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions: CredHub CLI, all versions prior to 2.2.1
Description: Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writes authentication credentials provided via environment variables to its persistent...

CVSS 7.8 · AI score 6.8 · EPSS 0.00074
Exploits 0
RedhatCVE
added 2019/02/07 11:49 a.m. · 23 views

CVE-2019-1003014

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVSS 4.8 · AI score 5.1 · EPSS 0.00064
Exploits 0 · References 4
Prion
added 2019/02/06 4:29 p.m. · 22 views

Cross site scripting

A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

CVSS 3.5 · AI score 4.9 · EPSS 0.00064
Exploits 0 · References 3 · Affected Software 2