519 matches found
GHSA-QM37-C4W6-H9V9 Missing Authorization in Jenkins XPath Configuration Viewer Plugin
XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...
CVE-2022-34806
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-34803
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system...
CVE-2022-34806
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-34806
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-34803
The CVE-2022-34803 entry concerns Jenkins OpsGenie Plugin 1.9 and earlier, which stores API keys unencrypted in the plugin’s global configuration file and in job config.xml on the Jenkins controller. The keys can be viewed by users with Extended Read permission (config.xml) or by anyone with acce...
Jenkins Plugin OpsGenie Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
PT-2022-22358 · Jenkins · Jenkins Jigomerge Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Jigomerge Plugin versions 0.9 and earlier Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins controller. Users with Extended Read permission or access to the Jenkins controller file...
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Jenkins Convertigo Mobile Platform Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Convertigo Mobile Platform Plug...
CVE-2022-34199
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-34199
CVE-2022-34199 concerns the Jenkins Convertigo Mobile Platform Plugin (version 1.1 and earlier). The vulnerability arises because passwords are stored unencrypted in the plugin’s configuration files (job config.xml) on the Jenkins controller, making them viewable by users with Extended Read permi...
Jenkins Plugin Convertigo Mobile Platform Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Convertigo Mobile Platform Plug...
PT-2022-22068 · Jenkins · Jenkins Convertigo Mobile Platform Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins controller. This can be viewed by users with Extended Read permission o...
GHSA-5C2C-CVG6-GHJM Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-CG4H-CFJP-H3X2 Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
GHSA-485Q-V457-3P58 Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...