408 matches found
PT-2019-11696 · Jenkins · Jenkins Kmap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Kmap Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. Users with Extended Read permission or access to the...
PT-2019-11685 · Jenkins · Jenkins Mabl Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins mabl Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be accessed by user...
PT-2019-11358 · Vmware +1 · Vrealize Automation Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware vRealize Automation Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials c...
PT-2019-11386 · Jenkins · Jenkins Testfairy Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins TestFairy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. This allows users with Extended Read permission or...
PT-2019-11335 · Jenkins · Jenkins Ecs Publisher Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins ECS Publisher Plugin versions 1.0.0 and earlier Description: A vulnerability in the plugin allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configur...
jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration...
jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
The API URL computer/master/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors...
CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability (CNVD-2016-03162)
CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...