145 matches found
CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Jenkins CloudBees AWS Credentials Cross-Site Request Forgery Vulnerability
Jenkins is a software project, a Java-based continuous integration tool for monitoring continuously recurring work, designed to provide an open and easy-to-use software platform that allows software projects to be continuously integrated. Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995...
PT-2022-18285 · Cloudbees +1 · Jenkins Cloudbees Aws Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 189.v3551d5642995 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
jenkins-2-plugins/credentials: Reflected XSS vulnerability in Credentials Plugin
A reflected cross-site scripting (XSS) vulnerability was found in the Jenkins Credentials Plugin. User-controlled information is not escaped on a view it provides...
GHSA-GCHQ-9R68-6JWV Cross-Site Request Forgery in Jenkins Credentials Plugin
Jenkins Credentials Plugin prior to 2.3.19, 2.3.15.1, 2.3.14.1, 2.3.13.1, 2.3.7.1, and 2.3.0.1 does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. Jenkins Credentials Plugin 2.3.19, 2.3.15.1, 2.3.14.1, 2.3.13.1,...
Jenkins Credentials Plugin Cross-Site Scripting (CVE-2021-21648)
A reflected cross-site scripting vulnerability exists in Jenkins Credentials Plugin. This vulnerability is due to insufficient validation of user-controlled information on the upload certificate view provided by Credentials plugin...
CloudBees Jenkins Credentials Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and the execution of some scheduled tasks. A cross-site scripting...
CVE-2021-21648
A reflected cross-site scripting (XSS) vulnerability was found in the Jenkins Credentials Plugin. User-controlled information is not escaped on a view it provides...
CVE-2021-21648
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability...
Cross site scripting
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability...
CVE-2021-21648
CVE-2021-21648 affects Jenkins Credentials Plugin; versions 2.3.18 and earlier do not escape user-controlled information on a view, causing a reflected XSS. Impact and exact exploitation details are not expanded in the provided documents beyond this description. Remediation known from related adv...
PT-2021-14691 · Jenkins · Jenkins Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions prior to 2.3.19 Description: The issue results in a reflected cross-site scripting (XSS) vulnerability due to the plugin not escaping user-controlled information on a view it provides. Recommendations: For...
Jenkins Credentials Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and the execution of some scheduled tasks. A cross-site scripting...
CVE-2021-21625
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances...
CVE-2021-21625
CVE-2021-21625 affects Jenkins CloudBees AWS Credentials Plugin, version 1.28 and earlier. The underlying issue is a missing permission check in a helper method for HTTP endpoints, enabling attackers with Overall/Read permission to enumerate AWS credentials IDs stored in Jenkins under certain con...
PT-2021-14668 · Amazon +2 · Aws Parameter Store Build Wrapper +4
Name of the Vulnerable Software and Affected Versions: Jenkins CloudBees AWS Credentials Plugin versions 1.28 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins under certain circumstances. This can...
PT-2020-15356 · Jenkins · Credentials Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr Enterprise Test Management Plugin versions 1.9.1 and earlier Description: The issue concerns the storage of the Zephyr password in plain text on the Jenkins master file system, specifically in the global configuration file...
CloudBees Jenkins Google OAuth Credentials Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools. A security vulnerability in the CloudBees Jenkins Google OAuth Credentials Plugin allows remote attackers to submit a special request that can read the contents of system files on the...
CVE-2019-10436
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master...