Lucene search
+L

154 matches found

redhat
redhat
added 2021/11/29 10:40 a.m.4 views

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

9.8CVSS5.8AI score0.02451EPSS
Exploits0References5
redhat
redhat
added 2021/11/29 10:40 a.m.6 views

jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path

An incorrect permissions validation vulnerability was found in Jenkins. The operations FilePathrenameTo and FilePathmoveAllChildrenTo only check read permission on the source path which may allow an attacker who has access to these operations to be able to read and write to arbitrary files on the...

9.8CVSS5.8AI score0.02034EPSS
Exploits0References5
cnvd
cnvd
added 2021/11/08 12:0 a.m.26 views

Jenkins has an unspecified vulnerability (CNVD-2021-88721)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins suffers from a security vulnerability that stems from multiple vulnerabilities in the file path filtering...

9.8CVSS1.5AI score0.02034EPSS
Exploits0References1
redhatcve
redhatcve
added 2021/11/04 4:52 p.m.30 views

CVE-2021-21687

An incorrect permissions validation vulnerability was found in Jenkins. The FilePathuntar does not check permission to create symbolic links when unarchiving a symbolic link, which may allow an attacker to get read and write access to arbitrary files on the Jenkins controller file system...

9.1CVSS8.7AI score0.01342EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2021/11/04 12:0 a.m.3 views

PT-2021-14729 · Jenkins · Jenkins Subversion Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Plugin versions 2.15.0 and earlier Description: The issue allows attackers who can control agent processes to read arbitrary files on the Jenkins controller file system. This is because the plugin does not restrict the name...

7.5CVSS8.4AI score0.02073EPSS
Exploits0References8
nvd
nvd
added 2021/08/31 2:15 p.m.29 views

CVE-2021-21681

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

5.5CVSS0.003EPSS
Exploits0References2
cvelist
cvelist
added 2021/01/13 3:55 p.m.36 views

CVE-2021-21612

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6AI score0.00334EPSS
Exploits0References1
cvelist
cvelist
added 2020/11/04 2:35 p.m.38 views

CVE-2020-2318

Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

6.4AI score0.01032EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2020/11/04 12:0 a.m.6 views

PT-2020-15552 · Jenkins Ci +1 · Jenkins Mail Commander Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mail Commander Plugin for Jenkins-ci Plugin version 1.0.0 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner in job config.xml files on the Jenkins controller. These passwords can be accessed...

6.5CVSS6.4AI score0.01032EPSS
Exploits0References7
cnvd
cnvd
added 2020/10/11 12:0 a.m.3 views

CloudBees Jenkins SMS Notification Plugin Unauthorized Access Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Audit Trail Plugin is used in one of the audi...

3.3CVSS6.6AI score0.00335EPSS
Exploits0References1
cnvd
cnvd
added 2020/09/02 12:0 a.m.6 views

CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . LTS is a long-term support for...

4.3CVSS6.6AI score0.00524EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2020/09/01 1:50 p.m.44 views

CVE-2020-2249

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

3.3CVSS3.5AI score0.00257EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2019/09/25 12:0 a.m.8 views

PT-2019-11818 · Jenkins · Jenkins Eloyente Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins elOyente Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. Specifically, the elOyente Plugin stores a...

5.5CVSS5.4AI score0.00348EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2019/04/04 12:0 a.m.5 views

PT-2019-11365 · Jenkins · Jenkins Audit To Database Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file. Specifically, database credentials are stored unencrypt...

8.8CVSS8.4AI score0.01365EPSS
Exploits0References6
Rows per page
Query Builder