519 matches found
CVE-2020-2319
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
PT-2020-15553 · Cloudbees +2 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global config.xml file on the Jenkins controller. This allows users with access to the...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
PT-2020-15474 · Readyapi +1 · Readyapi Functional Testing Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins SoapUI Pro Functional Testing Plugin versions 1.3 and earlier ReadyAPI Functional Testing Plugin versions 1.3 and earlier Description: The issue concerns the storage of project passwords in an unencrypted manner within job config.xml...
CVE-2020-2213
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission config.xml, or access to the master file system...
CVE-2020-2209
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2209
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2213
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission config.xml, or access to the master file system...
CVE-2020-2208
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2208
Concisely, CVE-2020-2208 affects Jenkins Slack Upload Plugin versions 1.7 and earlier. The root cause is that a secret is stored unencrypted in job config.xml files on the Jenkins master, allowing disclosure to users with Extended Read permission or access to the master filesystem. Impact describ...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
CVE-2020-2177
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2177
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2177
CVE-2020-2177 affects the Jenkins Copr Plugin (versions 0.3 and earlier). The vulnerability stems from credentials being stored unencrypted in job config.xml files on the Jenkins master, enabling disclosure to users with Extended Read permissions or anyone with access to the master filesystem. Ex...