113 matches found
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Quality Gates Plugin stores credentials in its global configuration file quality.gates.jenkins.plugin.GlobalConfig.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form b...
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Jenkins QMetry for JIRA - Test Management Plugin stores a credential as part of its post-build step configuration. While the password is stored encrypted on disk since QMetry for JIRA - Test Management Plugin 1.13, it is transmitted in plain text as part of the configuration form. This can result...
GHSA-793W-Q2H5-8H5J Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Jenkins QMetry for JIRA - Test Management Plugin stores a credential as part of its post-build step configuration. While the password is stored encrypted on disk since QMetry for JIRA - Test Management Plugin 1.13, it is transmitted in plain text as part of the configuration form. This can result...
GHSA-53JW-4GWH-M8CM Jenkins LDAP Email Plugin shows plain text password in configuration form
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
GHSA-PXV2-MFQ7-VHP6 Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Jenkins Inedo BuildMaster Plugin stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions,...
Jenkins ElectricFlow Plugin is vulnerable to reflected cross-site scripting
The configuration forms of various post-build steps contributed by CloudBees CD Plugin were vulnerable to cross-site scripting. This allowed attackers able to control the output of connected ElectricFlow servers' APIs to inject arbitrary HTML and JavaScript into the configuration form. CloudBees ...
Jenkins Static Analysis Utilities Plugin is vulnerable to cross-site request forgery
Jenkins analysis-core Plugin has the capability to allow other plugins to display trend graphs for their static analysis results. analysis-core Plugin provides the configuration form for the default settings of each graph. The configuration form and form submission handler did not perform a...
GHSA-PGP5-RCWP-QVFG Moodle includes the WebDAV password in the configuration form
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance...
Jenkins Folder-based Authorization Strategy Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The plugin fails to escape the role name displayed on the configuration form, which can ...
Jenkins Folder-based Authorization Strategy Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The plugin fails to escape the role name displayed on the configuration form, which can ...
A vulnerability in the CKEditor configuration form of the CiviCRM interaction and connection management web system allows an attacker to compromise data integrity by forging cross-site requests.
The vulnerability in the CKEditor configuration form of the CiviCRM interaction and connection management web system is a cross-site request forgery issue. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...
CiviCRM < 5.28.1 - CSRF to Stored XSS
The plugin was vulnerable to CSRF on the CKEditor Configuration Form. The vulnerability was discovered by SonarSource. Update to version 5.28.1 or above to patch the vulnerability...
CVE-2020-36389
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF...
Jenkins Scriptler Plugin Cross-Site Scripting Vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in the Jenkins Scriptler Plugin that stems from the fact that Jenkins Scriptler Plugin...
Gophish Cross-Site Scripting Vulnerability (CNVD-2020-59719)
Gophish is a powerful open source phishing framework. A cross-site scripting vulnerability exists in Gophish versions prior to 0.11.0. An attacker can exploit this vulnerability by sending the "host" field on a configuration form to conduct cross-site scripting attacks...
CVE-2020-2232
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure...
PT-2020-15360 · Jenkins · Jenkins Repository Connector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 1.2.6 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form. Although credentials are stored encrypte...
CVE-2020-2119
Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
PT-2019-14700 · Jenkins · Jenkins Qmetry For Jira - Test Management Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins QMetry for JIRA - Test Management Plugin versions prior to 1.13 Description: The issue concerns the transmission of credentials in plain text as part of job configuration forms, potentially leading to their exposure. Although the...