145 matches found
CVE-2019-10436
An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master...
CVE-2019-10436
The CVE-2019-10436 issue affects Jenkins Google OAuth Credentials Plugin up to version 0.9. The vulnerability allows attackers who can configure jobs and credentials in Jenkins to read arbitrary files on the Jenkins master, due to an improper access control path. Public details consistently descr...
PT-2019-11830 · Jenkins · Jenkins Google Oauth Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google OAuth Credentials Plugin version 0.9 and earlier
Description: The issue allows attackers who can configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master due to an arbitrary file read...
CVE-2019-10320
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...
The vulnerability of the Jenkins Credentials plugin, related to the leakage of file and directory information, allows attackers to create or update credentials and gain access to files containing PKCS#12 certificates.
The vulnerability of the Jenkins Credentials plugin is related to the leakage of information about files and directories. Exploiting this vulnerability allows a malicious actor to create or update credentials and gain access to files containing PKCS12 certificates...
jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...
CVE-2019-10320
CVE-2019-10320 affects Jenkins Credentials Plugin (versions ≤ 2.1.18). An authenticated user with credential-management permission could confirm the existence of files on the Jenkins master via an attacker-controlled path, and read PKCS#12 certificate content from those files. This is a file-read...
PT-2019-2636 · Jenkins · Jenkins Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 2.1.18 and earlier
Description: The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path and obtain the...
CVE-2019-10303
Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system...
PT-2019-11705 · Jenkins · Jenkins Azure Publishersettings Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions:
Jenkins Azure PublisherSettings Credentials Plugin versions 1.2 and earlier
Jenkins Azure PublisherSettings Credentials Plugin versions prior to 1.5
Description: The issue concerns the storage of credentials in an unencrypted manner within th...
CVE-2018-1000424
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with...
CVE-2018-1000601
An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...
CVE-2018-1000601
The CVE-2018-1000601 case concerns Jenkins SSH Credentials Plugin (versions 1.13 and earlier). The vulnerability is an arbitrary file read in BasicSSHUserPrivateKey.java that allows attackers who have a Jenkins account and the permission to configure credential bindings to read arbitrary files fr...
CVE-2017-1000113
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...
Design/Logic Flaw
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...