145 matches found
Jenkins Coverity Plugin has Insufficiently Protected Credentials
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...
GHSA-CGHG-JCV6-4V5M Jenkins Coverity Plugin has Insufficiently Protected Credentials
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser e.g. malicious extension to retrieve the configured keystore and priva...
CVE-2022-29036
A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
Cross-site Scripting in Jenkins Credentials Plugin
Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability...
Jenkins Credentials Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
CVE-2022-29036
Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-29036
Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability...
PT-2022-19375 · Jenkins · Jenkins Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 1111.v35a 307992395 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape the name and description of Credentials...
CVE-2022-29036
CVE-2022-29036 affects Jenkins Credentials Plugin (versions including 1111.v35a_307992395 and earlier, with some exceptions) by failing to escape the name/description of Credentials parameters on views that display them, enabling stored XSS for attackers with Item/Configure permission. Exploitati...
Jenkins Credentials Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
CVE-2022-29036
Jenkins Credentials Plugin 1111.v35a307992395 and earlier, except 1087.1089.v2f1b9ab040e4, 1074.1076.v39c30cecb0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-27198
A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27198
A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27198
A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27199
CVE-2022-27199 corresponds to a vulnerability in Jenkins CloudBees AWS Credentials Plugin (versions 189.v3551d5642995 and earlier) caused by a missing permission check. This flaw lets attackers with Overall/Read permission connect to an AWS service using an attacker-specified token, as described ...
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...
CVE-2022-27198
A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...