CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b97b9dcb8 and earlier stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system global credentials or with...

CVE-2024-39459

In Jenkins, the Plain Credentials Plugin (versions 182.v468b_97b_9dcb_8 and earlier) can store secret file credentials unencrypted (Base64 only) on the Jenkins controller filesystem. This allows users with access to the controller filesystem or with Item/Extended Read permissions to view those cr...

GHSA-GPC2-F62M-C6H6 Jenkins Code Dx Plugin stores API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

Jenkins Code Dx Plugin stores API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

Jenkins Code Dx Plugin displays API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

GHSA-352V-HHMH-2W8H Jenkins Code Dx Plugin displays API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

PT-2023-20615 · Jenkins · Credentials Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Code Dx Plugin versions 3.1.0 and earlier Description: The issue concerns the storage and display of Code Dx server API keys. In affected versions, these keys are stored unencrypted in job config.xml files on the Jenkins controller an...

GHSA-RR93-7C6X-8V4V Cross-Site Request Forgery in Jenkins Azure Credentials Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

Cross-Site Request Forgery in Jenkins Azure Credentials Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

CVE-2023-25766

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-25766

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-25768

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

SUSE CVE-2017-1000113

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...

CVE-2023-25766

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

CVE-2023-25767

CVE-2023-25767 is a CSRF vulnerability affecting Jenkins Azure Credentials Plugin in versions up to 253.v887e0f9e898b and earlier. The Red Hat and OSV entries confirm the flaw permits an attacker to trigger actions that cause the Jenkins client to connect to an attacker-controlled web server, due...

CVE-2023-25768

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...

CVE-2023-25767

A cross-site request forgery CSRF vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...