4651 matches found
CVE-2019-10459
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10461
Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10476
Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10460
The CVE-2019-10460 entry concerns the Jenkins Bitbucket OAuth Plugin (versions 0.9 and earlier) that stores credentials in plaintext in the global config.xml on the Jenkins master. Root cause: credentials are written unencrypted and accessible to anyone with master FS access. Impact: exposed cred...
CVE-2019-10459
CVE-2019-10459 affects Jenkins Mattermost Notification Plugin ≤ 2.7.0. The vulnerability stems from webhook URLs containing a secret token being stored unencrypted in the plugin’s global configuration and in job config.xml on the Jenkins master, enabling disclosure by users with Extended Read per...
[SECURITY] Fedora 31 Update: sudo-1.8.28-1.fc31
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Joomla! 3.4.6 - Remote Code Execution
Joomla! 3.4.6 - Remote Code Execution Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10440
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10440
Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10453
CVE-2019-10453 affects the Jenkins Delphix Plugin, where credentials are stored in plaintext in the Jenkins master’s global configuration file. The root cause is unencrypted credential storage accessible to anyone with master FS access. Impact per the cited data includes exposure of credentials w...
CVE-2019-10453
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11844 · Jenkins · Jenkins Elasticbox Ci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox CI Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...
[SECURITY] Fedora 30 Update: sudo-1.8.28-1.fc30
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...