EUVD-2022-5602

Malicious code in bioql PyPI...

EUVD-2022-4336

Malicious code in bioql PyPI...

CVE-2023-30527

Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-27206

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2019-10318

Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system...

CVE-2019-10280

Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...

PT-2022-22355 · Jenkins · Jenkins Opsgenie Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier Description: The issue concerns the storage of API keys in an unencrypted manner within the global configuration file and job config.xml files on the Jenkins controller. These keys can be...

PT-2022-22356 · Jenkins · Jenkins Opsgenie Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OpsGenie Plugin versions 1.9 and earlier Description: The issue concerns the transmission and storage of API keys in plain text. Specifically, API keys are transmitted in plain text as part of the global Jenkins configuration form and...

CVE-2021-21605

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file...

PT-2021-14655 · Jenkins · Jenkins Tracetronic Ecu-Test Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TraceTronic ECU-TEST Plugin versions 2.23.1 and earlier Description: The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with access to the...

PT-2020-15527 · Jenkins · Jenkins Sms Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SMS Notification Plugin versions 1.2 and earlier Description: The issue concerns the storage of an access token in an unencrypted form within the global configuration file on the Jenkins controller. Specifically, the file...

Navigate CMS 2.8.7 Directory Traversal

Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested o...

Navigate CMS 2.8.7 - Authenticated Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...

PT-2019-11354 · Jenkins · Jenkins Aws-Device-Farm Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins aws-device-farm Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins aws-device-farm Plugin. Specifically,...

PT-2019-11682 · Jenkins · Jenkins Assembla Auth Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkins master. This allows users with access ...

PT-2019-11361 · Jenkins · Jenkins Octopusdeploy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...

PT-2019-11690 · Jenkins · Jenkins Jabber Server Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Jabber Server Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, credentia...