4649 matches found
CVE-2019-1003063
CVE-2019-1003063 affects the Jenkins Amazon SNS Build Notifier Plugin. The vulnerability arises because the plugin stores credentials unencrypted in the global configuration file on the Jenkins master, specifically in the org.jenkinsci.plugins.snsnotify.AmazonSNSNotifier.xml, which can be viewed ...
CVE-2019-1003062
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003064
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003069
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003057
Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003063
Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11693 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older; Jenkins Netsparker Enterprise Scan Plugin affected versions not specified
Description: The issue concerns the storage of sensitive information in plain text within configuration fil...
PT-2019-11689 · Jenkins · Youtrack-Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins youtrack-plugin Plugin versions 0.7.1 and older
Description: The issue concerns the storage of credentials in the global configuration file on the Jenkins master or controller. Specifically, credentials were stored unencrypted in the...
PT-2019-11341 · Jenkins · Jenkins Irc Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins IRC Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, credentials are...
PT-2019-11347 · Jenkins · Jenkins Bitbucket Approve Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Approve Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...
PT-2019-11378 · Jenkins · Jenkins Fabric Beta Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fabric Beta Publisher Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. This allows users with Extended Read...
PT-2019-11364 · Jenkins · Jenkins Hyper.Sh Commons Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Hyper.sh Commons Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically,...
PT-2019-11359 · Jenkins · Jenkins Aqua Security Scanner Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Aqua Security Scanner Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins Aqua Security Scanner Plugin...
Arbitrary file read vulnerability in the Jfinal cms back-end template management system
Jfinal cms uses JFinal as its web framework, beetl as its template engine, MySQL as its database, and Bootstrap, Flat UI and other frameworks on the front end. The Jfinal cms back-end template management system has an arbitrary file read vulnerability. Attackers can use this vulnerability to read the database...
CVE-2019-10015
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BGSITENAME field in the optbase.inc.php file...
Default configuration
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
CUJO Smart Firewall dhcpd.conf verified boot bypass
Summary: An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this...
CVE-2018-19394
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field e.g., Satellite name, and then restoring the...