74 matches found
CVE-2019-10468
A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10469
A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-10469
CVE-2019-10469 describes a missing permission check in the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin. The vulnerability allows attackers with Overall/Read permission to initiate requests to an attacker-specified URL using attacker-specified credentials IDs, potentially exfiltrating crede...
PT-2019-11862 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin affected versions not specified Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially...
Unspecified Vulnerability in CloudBees Jenkins ElasticBox CI Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . ElasticBox CI Plugin is used in one of the...
PT-2019-11863 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin affected versions not specified Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using...
PT-2019-11864 · Jenkins · Jenkins Elasticbox Jenkins Kubernetes Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin affected versions not specified Description: A missing permission check in form-related methods of the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allowed users with Overall/Read acces...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
The CVE-2019-10450 entry concerns the Jenkins ElasticBox CI Plugin, which stores credentials unencrypted in the global config.xml on the Jenkins master. The underlying issue is the plaintext storage of sensitive information in the master configuration, enabling any user with master filesystem acc...
PT-2019-11844 · Jenkins · Jenkins Elasticbox Ci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox CI Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...