47 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-3100

Malicious code in bioql PyPI...

CVSS 8.8, AI score 8.8, EPSS 0.00051
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2145

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00069
Exploits 0, References 2
RedhatCVE
added 2025/05/22 8:30 a.m., 5 views

CVE-2019-10344

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...

CVSS 4.3, AI score 6.5, EPSS 0.00031
Exploits 0, References 1
RedhatCVE
added 2025/05/22 4:14 a.m., 5 views

CVE-2019-10362

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...

CVSS 5.5, AI score 6.7, EPSS 0.00119
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:56 a.m., 3 views

CVE-2018-1000610

An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...

CVSS 8.8, AI score 6.3, EPSS 0.00051
Exploits 0, References 1
RedhatCVE
added 2025/05/22 2:34 a.m., 6 views

CVE-2018-1000609

An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration...

CVSS 6.5, AI score 6.3, EPSS 0.00069
Exploits 0, References 1
Github Security Blog
added 2022/05/24 4:51 p.m., 22 views

Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin

Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked, i.e. replaced with asterisks, in that log to prevent accidental disclosure. Between Configuration as Code Plugin 0.8-alpha and 1.0, log messages contained values if the...

CVSS 3.3, AI score 4.9, EPSS 0.00015
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2022/05/13 1:48 a.m., 16 views

Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials

An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...

CVSS 8.8, AI score 4.5, EPSS 0.00051
Exploits 0, References 3, Affected Software 1
OSV
added 2022/05/13 1:48 a.m., 17 views

GHSA-8486-H39X-CX2F Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials

An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...

CVSS 8.8, AI score 8.5, EPSS 0.00051
Exploits 0, References 2
RedhatCVE
added 2022/01/24 4:54 p.m., 27 views

CVE-2022-23106

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

CVSS 5.3, AI score 4.5, EPSS 0.00086
Exploits 0, References 4
OSV
added 2022/01/21 11:38 p.m., 20 views

GHSA-FPJ7-9XM6-8HGR Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin

Jenkins Configuration as Code Plugin prior to 1.55.1, 1.54.1, 1.53.1, and 1.47.1 does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use statistical methods to obtain a valid authentication token. Configurati...

CVSS 3.7, AI score 5.7, EPSS 0.00086
Exploits 0, References 6
Github Security Blog
added 2022/01/21 11:38 p.m., 23 views

Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin

Jenkins Configuration as Code Plugin prior to 1.55.1, 1.54.1, 1.53.1, and 1.47.1 does not use a constant-time comparison when checking whether two authentication tokens are equal. This could potentially allow attackers to use statistical methods to obtain a valid authentication token. Configurati...

CVSS 5.3, AI score 5.5, EPSS 0.00086
Exploits 0, References 6, Affected Software 1
ATTACKERKB
added 2022/01/12 8:15 p.m., 4 views

CVE-2022-23106

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

CVSS 5.3, AI score 5.8, EPSS 0.00086
Exploits 0, References 3
CNNVD
added 2022/01/12 12:0 a.m., 2 views

Jenkins Security Vulnerability

Jenkins Plugin is an open source application for Jenkins. A security vulnerability exists in Jenkins Plugin Configuration, which stems from the use of non-constant time comparison functions in validating authentication tokens in Jenkins Configuration as Code Plugin 1.55 and earlier, allowing an...

CVSS 5.3, AI score 5.8, EPSS 0.00086
Exploits 0, References 6
Positive Technologies
added 2022/01/12 12:0 a.m., 1 views

PT-2022-15848 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.55 and earlier Description: The issue arises from the use of a non-constant time comparison function when validating an authentication token, allowing attackers to potentially use statistical...

CVSS 5.3, AI score 5.2, EPSS 0.00086
Exploits 0, References 12
Github Security Blog
added 2021/06/16 5:24 p.m., 51 views

Cross-site Scripting in Jenkins Dashboard View Plugin

Jenkins Dashboard View Plugin prior to 2.16 and 2.12.1 does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. As part of this fix, the property for image URLs was changed fr...

CVSS 5.4, AI score 4.9, EPSS 0.00188
Exploits 0, References 5, Affected Software 1
CNVD
added 2019/08/09 12:0 a.m., 2 views

CloudBees Jenkins Configuration as Code Information Disclosure Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...

CVSS 5.5, AI score 6.4, EPSS 0.00022
Exploits 0, References 1
CNVD
added 2019/08/09 12:0 a.m., 1 views

CloudBees Jenkins Configuration as Code Plugin Security Feature Issue Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...

CVSS 8.8, AI score 7.6, EPSS 0.00248
Exploits 0, References 1
NVD
added 2019/08/07 3:15 p.m., 12 views

CVE-2019-10367

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...

CVSS 5.5, AI score 4.1, EPSS 0.00022
Exploits 0, References 2
OSV
added 2019/08/07 3:15 p.m., 13 views

CVE-2019-10367

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...

CVSS 5.5, AI score 6.7
Exploits 0, References 2