70 matches found
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. As of version 1.7, enumeration of credentials IDs and validation of specified credentials i...
Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. As of version 2.2.1, an enumeration of credentials IDs in this plugin...
Jenkins Pipeline Phoenix AutoTest Plugin访问控制错误漏洞
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins.An access control error vulnerability exists in Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier, which stems from the plugin not performing permission check...
Jenkins Kubernetes Continuous Deploy Plugin has an unspecified vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited by an attacker with Overall/Read privilege...
Jenkins Conjur Secrets Plugin授权问题漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Conjur Secrets Plugin 1.0.11 and earlier versions are vulnerable to an authorization issue that stems from not...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Rancher Labs Rancher Access Control Error Vulnerability
Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. An access control error vulnerability exists in Rancher Labs Rancher, which stems from the product's lack of effective privilege management for creating cloud credential IDs, which could be...
Rancher Labs Rancher 安全漏洞
Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, Inc. An access control error vulnerability exists in Rancher Labs Rancher, which stems from the product's lack of effective privilege management for creating cloud credential IDs, which could be...
PT-2021-14696 · Jenkins · Jenkins Xray - Test Management For Jira Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Xray - Test Management for Jira Plugin versions 2.4.0 and earlier Description: The issue concerns a lack of permission check in an HTTP endpoint, allowing users with Overall/Read permission to enumerate credentials IDs of credentials...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
PT-2021-14686 · Jenkins · Jenkins Config File Provider Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Config File Provider Plugin versions 3.7.0 and earlier Description: The issue concerns incorrect permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentia...
PT-2021-14679 · Jenkins · Jenkins Team Foundation Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier Description: A missing permission check in the Jenkins Team Foundation Server Plugin allows attackers with Overall/Read permission to enumerate credentials ID of credentials...
Jenkins Team Foundation Server 安全漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An improper authorization...
PT-2021-14668 · Amazon +2 · Aws Parameter Store Build Wrapper +4
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 1.28 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins under certain circumstances. This can...
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2020-15543 · Jenkins · Jenkins Azure Key Vault Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Key Vault Plugin versions 2.0 and earlier Description: A missing permission check in the Jenkins Azure Key Vault Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2020-15418 · Jenkins · Jenkins Fortify On Demand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin versions 5.0.1 and earlier Description: A missing permission check in the Jenkins Fortify on Demand Plugin allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand...
Unauthorized Postings And Removals
keycloak-services is vulnerable to unauthorized postings and removals. Posting different credential IDs can be done by using the remove devices form, subsequently possibly to perform unauthorized removal of MFA devices of other users...
CVE-2020-10686
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users...
CloudBees Jenkins Libvirt Slaves Plugin Enumeration Credentials Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Libvirt Slaves Plugin is used in one of the plug-in for controlling guest domains...