CVE-2022-34803

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34808

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34809

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34802

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34816

The CVE-2022-34816 entry affects the Jenkins HPE Network Virtualization Plugin version 1.0. The vulnerability arises from passwords being stored unencrypted in the plugin’s global configuration on the Jenkins controller, specifically in the configuration file used by the NvEmulationBuilder (org.j...

CVE-2022-34816

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34809

CVE-2022-34809 affects Jenkins RQM Plugin (versions 2.8 and earlier). Root cause: passwords stored unencrypted in the plugin’s global configuration file on the Jenkins controller (net.praqma.jenkins.rqm.RqmBuilder.xml), viewable by users with access to the controller filesystem. Impact: password ...

CVE-2022-34808

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34805

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34803

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission config.xml, or access to the Jenkins controller file system...

CVE-2022-34802

CVE-2022-34802 affects the Jenkins RocketChat Notifier Plugin and pertains to sensitive credentials exposure. The connected documents confirm that versions 1.5.2 and earlier store the login password and webhook token in plaintext in the plugin’s global configuration file on the Jenkins controller...

CVE-2022-34799

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

Jenkins Plugin Deployment Dashboard 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. stored in the global configuration file of the Jenkins controller, and an...

PT-2022-22359 · Jenkins · Jenkins Elasticsearch Query Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Elasticsearch Query Plugin versions 1.2 and earlier Description: The issue concerns the storage of a password in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the password is stored ...

Multiple TP-Link Wireless Extenders Unauthorized Profile Leakage Vulnerability

TP-Link WA850RE and others are all TP-Link's wireless extenders. A number of wireless extenders have unauthorized profile disclosure vulnerabilities, which can be exploited by remote attackers to access specific routes to unauthorized download of the target device's configuration file, which is...

MELAG FTP Server authorization issue vulnerability

MELAG FTP Server, an FTP server from MELAG Germany, is vulnerable to an authorization issue in MELAG FTP Server version 2.2.0.4, which stems from improper file permission management and could be exploited to cause the "Everyone" group to read local FTP configuration file, which includes informati...