Lucene search
K

58 matches found

Cvelist
Cvelist
added 2023/12/13 5:30 p.m.28 views

CVE-2023-50773

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

5.3AI score0.00347EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/13 5:30 p.m.11 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.6AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/13 5:30 p.m.32 views

CVE-2023-50772

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

5.2AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 2023/12/13 5:30 p.m.52 views

CVE-2023-50772

CVE-2023-50772 affects the Jenkins Dingding JSON Pusher Plugin 2.0 and earlier. The issue is that access tokens are stored unencrypted in job config.xml files on the Jenkins controller, enabling viewing by users with Item/Extended Read permission or access to the controller file system. The conne...

4.3CVSS4.5AI score0.00347EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.3 views

Jenkins Dingding JSON Pusher Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS6.7AI score0.00347EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.2 views

Jenkins Dingding JSON Pusher Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS6.6AI score0.00347EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.4 views

PT-2023-31642 · Jenkins · Jenkins Dingding Json Pusher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dingding JSON Pusher Plugin versions 2.0 and earlier Description: The issue concerns the Jenkins Dingding JSON Pusher Plugin, where access tokens are not masked on the job configuration form. This increases the potential for attackers...

4.3CVSS4.3AI score0.00347EPSS
Exploits0References7
OSV
OSV
added 2022/05/24 4:57 p.m.59 views

GHSA-XG8P-CP7F-CPHX DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS3.7AI score0.00409EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 4:57 p.m.17 views

DingTalk Plugin stores credentials in plain text

Jenkins Dingding notifications Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS7AI score0.00409EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2019/11/20 12:0 a.m.2 views

CloudBees Jenkins Dingding Plugin Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Dingding Plugin is used in which a notificatio...

3.3CVSS6.4AI score0.00409EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/10/04 12:0 a.m.45 views

Jenkins dingding-notifications Cleartext Storage of Credentials Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Jenkins. Authentication is required to exploit this vulnerability. The specific flaw exists within the dingding-notifications plugin. The issue results from storing credentials in plaintext. A...

5.3CVSS2AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2019/10/01 2:15 p.m.30 views

CVE-2019-10433

Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS3.8AI score0.00409EPSS
Exploits0References3
OSV
OSV
added 2019/10/01 2:15 p.m.20 views

CVE-2019-10433

Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.3CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2019/10/01 2:15 p.m.17 views

Design/Logic Flaw

Jenkins Dingding?? Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

2.1CVSS4AI score0.00409EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/10/01 1:45 p.m.33 views

CVE-2019-10433

Jenkins Dingding钉钉 Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

3.8AI score0.00409EPSS
Exploits0References3
CVE
CVE
added 2019/10/01 1:45 p.m.61 views

CVE-2019-10433

The CVE-2019-10433 entry affects the Jenkins Dingding plugin, where credentials are stored unencrypted in job config.xml files on the Jenkins master. This exposes credentials to users with Extended Read permissions or anyone with access to the master filesystem, as described across multiple sourc...

3.3CVSS3.9AI score0.00409EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/01 12:0 a.m.5 views

PT-2019-11827 · Jenkins · Jenkins Dingding Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dingding Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users with Extende...

3.3CVSS3.6AI score0.00409EPSS
Exploits0References10
Symantec
Symantec
added 2019/10/01 12:0 a.m.15 views

Multiple Jenkins Plugins Multiple Security Vulnerabilities

Description Jenkins plugins are prone to the following vulnerabilities: 1. A HTML-injection vulnerability 2. Multiple information-disclosure vulnerabilities 3. A security-bypass vulnerability An attacker may leverage these issues to steal cookie-based authentication credentials, gain access to...

7.3AI score
Exploits0References1Affected Software5
Rows per page
Query Builder