70 matches found
CVE-2022-34195
CVE-2022-34195 relates to the Jenkins Repository Connector Plugin (versions
PT-2022-22064 · Jenkins +1 · Jenkins +2
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Repository Connector Plugin does not escape the name and description of...
Jenkins Plugin Repository Connector 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
GHSA-4FJC-FWJ2-7XFG Credentials transmitted in plain text by Repository Connector Plugin
Repository Connector Plugin stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text a...
Credentials transmitted in plain text by Repository Connector Plugin
Repository Connector Plugin stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text a...
GHSA-5FQ9-X9F4-X2R2 Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...
GHSA-99JC-V8PQ-6QM4 Jenkins Repository Connector Plugin has insufficiently protected credentials
Jenkins Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted ...
CVE-2021-21618
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2021-21618
CVE-2021-21618 concerns the Jenkins Repository Connector Plugin (versions
CVE-2020-2149
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...
CVE-2020-2149
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...
CVE-2020-2149
CVE-2020-2149 affects Jenkins Repository Connector Plugin (versions 1.2.6 and earlier). The flaw is that configured credentials are transmitted in plain text as part of the global Jenkins configuration form, even though credentials are stored encrypted on disk in RepositoryConfiguration.xml. This...
PT-2020-15360 · Jenkins · Jenkins Repository Connector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 1.2.6 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form. Although credentials are stored encrypte...
QIWI: Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int
Summary This report describes a combination of two separate vulnerabilities in two separate services. This chain of vulnerabilities allows unauthenticated attacker to run arbitrary code on a server inside the company's internal network. Vulnerability 1 Jira at https://jira.tochka.com is vulnerabl...
CVE-2015-9362
CVE-2015-9362 concerns the WordPress Post Connector plugin prior to 1.0.4, where an XSS flaw exists through the use of add_query_arg() and remove_query_arg(). The vulnerability is in the Post Connector plugin for WordPress, which is affected by untrusted input that can be reflected in the page ou...
CVE-2019-1003038
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...
Design/Logic Flaw
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...
CVE-2019-1003038
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...