519 matches found
PT-2022-18840 · Jenkins · Jenkins Proxmox Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin versions 0.5.0 and earlier Description: The issue concerns the storage of the Proxmox Datacenter password in an unencrypted manner within the global config.xml file on the Jenkins controller. This allows users with acce...
BuilderRevengeRAT XML Injection
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/531d8b4ac8f7eb827d62424169321b2b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderRevengeRAT - Revenge-RAT v0.3 Vulnerability: XML External Entity Injection Description: The...
Jenkins Vmware vRealize CodeStream Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Vmware vRealize CodeStream Plugin...
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-8G9W-5JV6-7M4X Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-27217
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-27218
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
CVE-2022-27206
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-27218
CVE-2022-27218 affects Jenkins incapptic connect uploader Plugin 1.15 and earlier. The connected Red Hat/NVD/OSV/GHSA entries confirm that tokens are stored unencrypted in job config.xml files on the Jenkins controller and can be viewed by users with Extended Read permission or with access to the...
Jenkins Vmware vRealize CodeStream Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Vmware vRealize CodeStream Plugin...
PT-2022-18293 · Jenkins · Jenkins Gitlab Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Authentication Plugin versions 1.13 and earlier Description: The issue concerns the storage of the GitLab client secret in an unencrypted form within the global config.xml file on the Jenkins controller. This allows users with...
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
Exploit Title: Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6,...
Exploit for Forced Browsing in Atlassian Confluence_Data_Center
CVE-2021-26085 Atlassian Confluence Server 7.5.1 Pre-Authoriza...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ versio...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Vulnerability
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ version 7.12.3 Tested o...
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability
Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0 ≤ version...
Atlassian Confluence Server 7.5.1 Arbitrary File Read
Exploit Title: Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability Date: 2021-10-05 Exploit Author: Mayank Deshmukh Author email: [email protected] Vendor Homepage: https://www.atlassian.com/ Software Link:...
CloudBees Jenkins Nomad Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a Java-based continuous integration tool developed by CloudBees, Inc. An information disclosure vulnerability exists in CloudBees Jenkins Nomad Plugin 0.7.4 and prior versions. The vulnerability is caused by the program storing unencrypted Docker passwords in the...
CVE-2021-21681
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...