PT-2019-11729 · Jenkins · Jenkins Influxdb Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins InfluxDB Plugin versions 1.21 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master. This allows users with access to the master file...
CloudBees Jenkins Audit to Database plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and some scheduled tasks. Audit to Database Plugin is used in which a...
CVE-2019-1003077
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003076
A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Design/Logic Flaw
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Input validation
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003076
Summary (CVE-2019-1003076): A cross-site request forgery vulnerability in the Jenkins Audit to Database Plugin (DbAuditPublisherDescriptorImpl#doTestJdbcConnection) allows an attacker to initiate a connection to a server specified by the attacker. The issue is documented across multiple sources ...
PT-2019-11365 · Jenkins · Jenkins Audit To Database Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Audit to Database Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file. Specifically, database credentials are stored unencrypt...
CVE-2017-14126
The Participants Database plugin before 1.7.5.10 for WordPress has XSS...
SSH Public Key Acceptance Scanner
This module can determine what public keys are configured for key-based authentication across a range of machines, users, and sets of known keys. The SSH protocol indicates whether a particular key is accepted prior to the client performing the actual signed authentication request. To use this...
Participants Database Plugin for WordPress < 1.5.4.9 'query' Parameter SQL Injection
The Participants Database Plugin for WordPress installed on the remote host is prior to version 1.5.4.9. It is, therefore, affected by a SQL injection vulnerability due to failure to properly sanitize user-supplied input to the 'query' parameter in the 'pdb-signup' script. A remote, unauthenticat...
CVE-2014-3961
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/...