Lucene search
K

70 matches found

CVE
CVE
added 2022/06/22 2:41 p.m.97 views

CVE-2022-34195

CVE-2022-34195 relates to the Jenkins Repository Connector Plugin (versions

5.4CVSS5.2AI score0.00753EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.7 views

PT-2022-22064 · Jenkins +1 · Jenkins +2

Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 2.2.0 and earlier Description: The issue is a stored cross-site scripting XSS vulnerability that occurs because the Jenkins Repository Connector Plugin does not escape the name and description of...

8CVSS5.7AI score0.00753EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/06/22 12:0 a.m.6 views

Jenkins Plugin Repository Connector 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS5.7AI score0.00753EPSS
Exploits0References4
OSV
OSV
added 2022/05/24 5:10 p.m.17 views

GHSA-4FJC-FWJ2-7XFG Credentials transmitted in plain text by Repository Connector Plugin

Repository Connector Plugin stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text a...

3.1CVSS5AI score0.00614EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:10 p.m.18 views

Credentials transmitted in plain text by Repository Connector Plugin

Repository Connector Plugin stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text a...

5.3CVSS5AI score0.00614EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.16 views

GHSA-5FQ9-X9F4-X2R2 Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...

3.3CVSS6.7AI score0.01012EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:48 a.m.16 views

Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured password. IBM...

7.2CVSS3.5AI score0.01012EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/13 1:15 a.m.16 views

GHSA-99JC-V8PQ-6QM4 Jenkins Repository Connector Plugin has insufficiently protected credentials

Jenkins Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. The plugin now stores the password encrypted ...

3.3CVSS7.5AI score0.00393EPSS
Exploits0References3
NVD
NVD
added 2021/02/24 4:15 p.m.22 views

CVE-2021-21618

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4CVSS0.82237EPSS
Exploits0References1
Prion
Prion
added 2021/02/24 4:15 p.m.16 views

Cross site scripting

Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

3.5CVSS5.3AI score0.82237EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/02/24 3:5 p.m.82 views

CVE-2021-21618

CVE-2021-21618 concerns the Jenkins Repository Connector Plugin (versions

5.4CVSS5.4AI score0.82237EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/03/09 4:15 p.m.23 views

CVE-2020-2149

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...

5.3CVSS5.3AI score0.00614EPSS
Exploits0References2
OSV
OSV
added 2020/03/09 4:15 p.m.19 views

CVE-2020-2149

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure...

5.3CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2020/03/09 3:1 p.m.64 views

CVE-2020-2149

CVE-2020-2149 affects Jenkins Repository Connector Plugin (versions 1.2.6 and earlier). The flaw is that configured credentials are transmitted in plain text as part of the global Jenkins configuration form, even though credentials are stored encrypted on disk in RepositoryConfiguration.xml. This...

5.3CVSS5.3AI score0.00614EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/03/09 12:0 a.m.7 views

PT-2020-15360 · Jenkins · Jenkins Repository Connector Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Repository Connector Plugin versions 1.2.6 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form. Although credentials are stored encrypte...

5.3CVSS4.8AI score0.00614EPSS
Exploits0References7
Hacker One
Hacker One
added 2019/10/14 12:47 p.m.253 views

QIWI: Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int

Summary This report describes a combination of two separate vulnerabilities in two separate services. This chain of vulnerabilities allows unauthenticated attacker to run arbitrary code on a server inside the company's internal network. Vulnerability 1 Jira at https://jira.tochka.com is vulnerabl...

10CVSS0.1AI score0.99913EPSS
Exploits22
CVE
CVE
added 2019/08/28 11:54 a.m.40 views

CVE-2015-9362

CVE-2015-9362 concerns the WordPress Post Connector plugin prior to 1.0.4, where an XSS flaw exists through the use of add_query_arg() and remove_query_arg(). The vulnerability is in the Post Connector plugin for WordPress, which is affected by untrusted input that can be reflected in the page ou...

6.1CVSS6AI score0.00923EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/03/08 9:29 p.m.18 views

CVE-2019-1003038

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...

7.8CVSS7.6AI score0.00393EPSS
Exploits0References2
Prion
Prion
added 2019/03/08 9:29 p.m.17 views

Design/Logic Flaw

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...

2.1CVSS7.5AI score0.00393EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/03/08 9:29 p.m.14 views

CVE-2019-1003038

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java,...

7.8CVSS6.5AI score
Exploits0References2
Rows per page
Query Builder