545 matches found

NVD
added 2022/06/23 5:15 p.m. | 21 views

CVE-2022-34199

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 6.5 | EPSS 0.00647
Exploits: 0 | References: 1

OSV
added 2022/06/13 1:15 p.m. | 2 views

CVE-2022-1788

Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to thi...

CVSS 6.5 | AI score 5.5 | EPSS 0.00736
Exploits: 2 | References: 1

GitHub Security Blog
added 2022/05/24 7:12 p.m. | 22 views

Password stored in plain text by Jenkins Nomad Plugin

Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...

CVSS 5.5 | AI score 5.5 | EPSS 0.003
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:10 p.m. | 24 views

Credentials transmitted in plain text by Jenkins DeployHub Plugin

DeployHub Plugin stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by DeployHub Plugin 8.0.14 and earlier. These credentials could be viewed by users wit...

CVSS 4.3 | AI score 5 | EPSS 0.0064
Exploits: 0 | References: 4 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:10 p.m. | 17 views

Froxlor Information Disclosure

An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of createUserdataConf in...

CVSS 6.1 | AI score 6.3 | EPSS 0.00322
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 5:8 p.m. | 23 views

Passwords stored in plain text by Harvest SCM Plugin

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 | AI score 6.2 | EPSS 0.00852
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/24 5:1 p.m. | 21 views

GHSA-JG29-C2QJ-WPM3 Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. The credential being stored was a service password f...

CVSS 6.5 | AI score 6.5 | EPSS 0.00852
Exploits: 0 | References: 4

OSV
added 2022/05/24 4:58 p.m. | 18 views

GHSA-HHHH-69QP-5P2V Jenkins Fortify on Demand Plugin stores credentials in plain text

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 | AI score 8.6 | EPSS 0.00676
Exploits: 0 | References: 5

GitHub Security Blog
added 2022/05/24 4:58 p.m. | 19 views

Jenkins Fortify on Demand Plugin stores credentials in plain text

Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system...

CVSS 8.8 | AI score 8.2 | EPSS 0.00676
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/24 4:58 p.m. | 14 views

GHSA-8X6C-375H-PM4F Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 8.8 | AI score 8.7 | EPSS 0.00897
Exploits: 0 | References: 2

GitHub Security Blog
added 2022/05/24 4:57 p.m. | 17 views

DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 3.3 | AI score 7 | EPSS 0.00409
Exploits: 0 | References: 6 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 4:56 p.m. | 24 views

Jenkins Google Calendar Plugin has Insufficiently Protected Credentials

Google Calendar Plugin stores a calendar password unencrypted in job config.xml files on the Jenkins controller. This password can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

CVSS 6.5 | AI score 3.4 | EPSS 0.01001
Exploits: 0 | References: 4 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 4:56 p.m. | 18 views

Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials

Call Remote Job Plugin stores a password unencrypted in job config.xml files on the Jenkins controller. This password can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

CVSS 6.5 | AI score 3.6 | EPSS 0.01001
Exploits: 0 | References: 4 | Affected Software: 1

GitHub Security Blog
added 2022/05/24 4:51 p.m. | 16 views

Skytap Cloud CI Plugin stored credentials in plain text

Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 | AI score 6.7 | EPSS 0.01482
Exploits: 0 | References: 6 | Affected Software: 1

GitHub Security Blog
added 2022/05/13 1:25 a.m. | 18 views

Jenkins TestFairy Plugin stores credentials in plain text

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 | AI score 6.7 | EPSS 0.01676
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/05/13 1:17 a.m. | 11 views

GHSA-P6QR-286G-79RV Jenkins Jira Issue Updater Plugin stores credentials in plain text

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 4.3 | AI score 8.7 | EPSS 0.01365
Exploits: 0 | References: 3

GitHub Security Blog
added 2022/05/13 1:17 a.m. | 18 views

Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 8.8 | AI score 6.8 | EPSS 0.01365
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2022/05/13 1:17 a.m. | 26 views

Jenkins Jira Issue Updater Plugin stores credentials in plain text

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 8.8 | AI score 6.8 | EPSS 0.01365
Exploits: 0 | References: 4 | Affected Software: 1

GitHub Security Blog
added 2022/05/13 1:15 a.m. | 28 views

Jenkins DeployHub Plugin stores credentials in plain text

Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 8.8 | AI score 6.8 | EPSS 0.01773
Exploits: 0 | References: 5 | Affected Software: 1

GitHub Security Blog
added 2022/05/13 1:15 a.m. | 20 views

Jenkins mabl Plugin stores credentials in plain text

Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVSS 8.8 | AI score 6.8 | EPSS 0.01773
Exploits: 0 | References: 4 | Affected Software: 1