47 matches found
Authorization
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
CVE-2019-10367
CVE-2019-10367 concerns Jenkins Configuration as Code Plugin 1.26 and earlier, which failed to properly mask certain values when logging the configuration being applied. This stems from an incomplete fix of CVE-2019-10343, not fully masking secrets in...
PT-2019-11763 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.26 and earlier. Description: The issue arises from an incomplete fix that did not properly apply masking to some values expected to be hidden when logging the configuration being applied. This...
CloudBees Jenkins Configuration as Code Plugin License Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code Plugin Trust Issues Management Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code Plugin Input Validation Error Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code plugin log information leakage vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
Design/Logic Flaw
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
CVE-2019-10344
CVE-2019-10344 affects Jenkins Configuration as Code Plugin (versions 1.24 and earlier). The issue is missing permission checks on various HTTP endpoints, which allowed users with Overall/Read access to access the generated schema and documentation for the plugin, which contains detailed information a...
CVE-2019-10363
CVE-2019-10363 affects Jenkins Configuration as Code Plugin versions 1.24 and earlier, where the plugin did not reliably identify sensitive values in the YAML export as encrypted, enabling potential exposure of credentials. The root cause is tied to handling of the Secret type when expo...
CVE-2019-10362
CVE-2019-10362 relates to the Jenkins Configuration as Code Plugin (versions ≤ 1.24). The issue arises because values were not escaped, enabling variable interpolation during configuration export/import. As a result, users with permission to modify Jenkins system configuration could obtain the va...
PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier; Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0. Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...
PT-2019-11743 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier. Description: The issue concerns missing permission checks in various HTTP endpoints, allowing users with Overall/Read access to access the generated schema and documentation for t...
PT-2019-11758 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier. Description: The issue allows attackers with permission to change Jenkins system configuration to obtain the values of environment variables due to variable interpolation during...
PT-2019-11759 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier. Description: The issue concerns the Jenkins Configuration as Code Plugin, which did not reliably identify sensitive values expected to be exported in their encrypted form...
CloudBees Jenkins Configuration as Code Plugin Information Disclosure Vulnerability (CNVD-2019-42749)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code Plugin Information Disclosure Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task...
CloudBees Jenkins Configuration as Code Plugin Information Disclosure Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task...
Design/Logic Flaw
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration...
CVE-2018-1000609
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration...