Jenkins Open STF Plugin stores credentials in plain text
Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-7MFP-938R-FCFJ Jenkins hyper.sh Commons Plugin stores credentials in plain text
Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file sh.hyper.plugins.hypercommons.Tools.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-CQ9M-RPM5-27M9 Jenkins Perfecto Mobile Plugin stores credentials in plain text
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Jenkins Octopus Deploy Plugin stores credentials in plain text
Jenkins Octopus Deploy Plugin stores credentials unencrypted in its global configuration file hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins Minio Storage Plugin stores credentials in plain text
Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.minio.MinioUploader.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-JVR5-R663-QXGW Jenkins Sametime Plugin stores credentials in plain text
Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file hudson.plugins.sametime.im.transport.SametimePublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
Jenkins Netsparker Enterprise Scan Plugin stored API tokens unencrypted in its global configuration file com.netsparker.cloud.plugin.NCScanBuilder.xml on the Jenkins controller. These API tokens could be viewed by users with access to the Jenkins controller file system. Netsparker Enterprise Scan...
GHSA-7HF6-HGGP-VVP9 Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text
Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file com.cloudcoreo.plugins.jenkins.CloudCoreoBuildWrapper.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-M7Q8-8G56-M78W Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
Jenkins Netsparker Enterprise Scan Plugin stored API tokens unencrypted in its global configuration file com.netsparker.cloud.plugin.NCScanBuilder.xml on the Jenkins controller. These API tokens could be viewed by users with access to the Jenkins controller file system. Netsparker Enterprise Scan...
GHSA-X464-R7F4-GJ3M Jenkins Koji Plugin stores credentials in plain text
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.koji.KojiBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-RWRX-HRF2-V577 Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file com.urbancode.ds.jenkins.plugins.serenarapublisher.UrbanDeployPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.relutionpublisher.configuration.global.StoreConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins...
Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file com.urbancode.ds.jenkins.plugins.serenarapublisher.UrbanDeployPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins Assembla Auth Plugin stores credentials in plain text
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Bolt Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file...
Input validation
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware...
CVE-2022-29898 Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware...
Open-Xchange: Privilege escalation possible in dovecot when similar passdbs are used
Summary: Privilege escalation is possible as a result of incorrect security code logic for dovecot passdb definitions. Description: When two passdb configuration entries exist in the dovecot configuration which have the same driver and args settings, the incorrect...
GHSA-G7P7-X6W7-W6QG Arbitrary file deletion in gitea
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file...
Gitea < 1.16.4 DoS Vulnerability
Gitea is prone to a denial of service (DoS) vulnerability.