
145 matches found

Cvelist
added 2019/10/16 1:0 p.m., 25 views

CVE-2019-10436

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master...

6.3 AI score, 0.00989 EPSS
Exploits: 0, References: 1
CVE
added 2019/10/16 1:0 p.m., 71 views

CVE-2019-10436

The CVE-2019-10436 issue affects Jenkins Google OAuth Credentials Plugin up to version 0.9. The vulnerability allows attackers who can configure jobs and credentials in Jenkins to read arbitrary files on the Jenkins master, due to an improper access control path. Public details consistently descr...

6.5 CVSS, 6.2 AI score, 0.00989 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2019/10/16 12:0 a.m., 5 views

PT-2019-11830 · Jenkins · Jenkins Google Oauth Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google OAuth Credentials Plugin version 0.9 and earlier
Description: The issue allows attackers who can configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master due to an arbitrary file read...

6.5 CVSS, 6.2 AI score, 0.00989 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2019/10/10 5:40 p.m., 25 views

CVE-2019-10320

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

6.5 CVSS, 3.6 AI score, 0.00969 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2019/07/16 12:0 a.m., 6 views

The vulnerability of the Jenkins Credentials plugin, related to the leakage of file and directory information, allows attackers to create or update credentials and gain access to files containing PKCS#12 certificates.

The vulnerability of the Jenkins Credentials plugin is related to the leakage of information about files and directories. Exploiting this vulnerability allows a malicious actor to create or update credentials and gain access to files containing PKCS12 certificates...

4.3 CVSS, 5.5 AI score, 0.00969 EPSS
Exploits: 0, References: 4, Affected Software: 2
RedHat Linux
added 2019/07/03 11:56 a.m., 9 views

jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

4.3 CVSS, 6.1 AI score, 0.00969 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2019/06/26 9:9 a.m., 2 views

jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

4.3 CVSS, 6.1 AI score, 0.00969 EPSS
Exploits: 0, References: 5
NVD
added 2019/05/21 1:29 p.m., 48 views

CVE-2019-10320

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

4.3 CVSS, 4.5 AI score, 0.00969 EPSS
Exploits: 0, References: 7
OSV
added 2019/05/21 1:29 p.m., 27 views

CVE-2019-10320

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

4.3 CVSS, 6.5 AI score, 0.00969 EPSS
Exploits: 0, References: 7
CVE
added 2019/05/21 1:0 p.m., 91 views

CVE-2019-10320

CVE-2019-10320 affects Jenkins Credentials Plugin (versions ≤ 2.1.18). An authenticated user with credential-management permission could confirm the existence of files on the Jenkins master via an attacker-controlled path, and read PKCS#12 certificate content from those files. This is a file-read...

4.3 CVSS, 4.6 AI score, 0.00969 EPSS
Exploits: 0, References: 7, Affected Software: 1
Positive Technologies
added 2019/05/21 12:0 a.m., 3 views

PT-2019-2636 · Jenkins · Jenkins Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 2.1.18 and earlier
Description: The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path and obtain the...

4.3 CVSS, 4.8 AI score, 0.00969 EPSS
Exploits: 0, References: 14
OSV
added 2019/04/18 5:29 p.m., 15 views

CVE-2019-10303

Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system...

8.8 CVSS, 6.5 AI score
Exploits: 0, References: 2
Positive Technologies
added 2019/04/18 12:0 a.m., 3 views

PT-2019-11705 · Jenkins · Jenkins Azure Publishersettings Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure PublisherSettings Credentials Plugin versions 1.2 and earlier; Jenkins Azure PublisherSettings Credentials Plugin versions prior to 1.5
Description: The issue concerns the storage of credentials in an unencrypted manner within th...

8.8 CVSS, 8.4 AI score, 0.01373 EPSS
Exploits: 0, References: 6
Cvelist
added 2019/01/09 11:0 p.m., 18 views

CVE-2018-1000424

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with...

7.5 AI score, 0.00333 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2018/06/28 9:49 a.m., 20 views

CVE-2018-1000601

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.5 CVSS, 5.1 AI score, 0.01013 EPSS
Exploits: 0, References: 2
NVD
added 2018/06/26 5:29 p.m., 16 views

CVE-2018-1000601

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.5 CVSS, 6.3 AI score, 0.01013 EPSS
Exploits: 0, References: 1
Cvelist
added 2018/06/26 5:0 p.m., 17 views

CVE-2018-1000601

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.3 AI score, 0.01013 EPSS
Exploits: 0, References: 1
CVE
added 2018/06/26 5:0 p.m., 67 views

CVE-2018-1000601

The CVE-2018-1000601 case concerns Jenkins SSH Credentials Plugin (versions 1.13 and earlier). The vulnerability is an arbitrary file read in BasicSSHUserPrivateKey.java that allows attackers who have a Jenkins account and the permission to configure credential bindings to read arbitrary files fr...

6.5 CVSS, 6.2 AI score, 0.01013 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2017/10/05 1:29 a.m., 14 views

CVE-2017-1000113

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...

5.5 CVSS, 6.3 AI score
Exploits: 0, References: 1
Prion
added 2017/10/05 1:29 a.m., 13 views

Design/Logic Flaw

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...

2.1 CVSS, 5.4 AI score, 0.00374 EPSS
Exploits: 0, References: 1, Affected Software: 1