58 matches found
CVE-2023-50773
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-50772
CVE-2023-50772 affects the Jenkins Dingding JSON Pusher Plugin 2.0 and earlier. The issue is that access tokens are stored unencrypted in job config.xml files on the Jenkins controller, enabling viewing by users with Item/Extended Read permission or access to the controller file system. The conne...
Jenkins Dingding JSON Pusher Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Dingding JSON Pusher Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
PT-2023-31642 · Jenkins · Jenkins Dingding Json Pusher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dingding JSON Pusher Plugin versions 2.0 and earlier Description: The issue concerns the Jenkins Dingding JSON Pusher Plugin, where access tokens are not masked on the job configuration form. This increases the potential for attackers...
GHSA-XG8P-CP7F-CPHX DingTalk Plugin stores credentials in plain text
Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
DingTalk Plugin stores credentials in plain text
Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CloudBees Jenkins Dingding Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Dingding Plugin is used in which a notificatio...
Jenkins dingding-notifications Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins. Authentication is required to exploit this vulnerability. The specific flaw exists within the dingding-notifications plugin. The issue results from storing credentials in plaintext. A...
CVE-2019-10433
Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10433
Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Dingding?? Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10433
Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10433
The CVE-2019-10433 entry affects the Jenkins Dingding plugin, where credentials are stored unencrypted in job config.xml files on the Jenkins master. This exposes credentials to users with Extended Read permissions or anyone with access to the master filesystem, as described across multiple sourc...
PT-2019-11827 · Jenkins · Jenkins Dingding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dingding Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users with Extende...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description Jenkins plugins are prone to the following vulnerabilities: 1. A HTML-injection vulnerability 2. Multiple information-disclosure vulnerabilities 3. A security-bypass vulnerability An attacker may leverage these issues to steal cookie-based authentication credentials, gain access to...