
38 matches found

Prion
added 2020/06/03 1:15 p.m. · 12 views

Code injection

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

4 CVSS · 6.3 AI score · 0.00047 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion
added 2020/06/03 1:15 p.m. · 18 views

Format string

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format...

4 CVSS · 4.5 AI score · 0.00031 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/06/03 12:40 p.m. · 73 views

CVE-2020-2197

The vulnerability concerns the Jenkins Project Inheritance Plugin, affecting versions 21.04.03 and earlier (and specifically noted for 19.08.02 and earlier). Affected functionality via the API endpoint /job/…/getConfigAsXML does not enforce Job/ExtendedRead permission, allowing users with only Jo...

4.3 CVSS · 4.5 AI score · 0.00031 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/06/03 12:40 p.m. · 70 views

CVE-2020-2198

The CVE-2020-2198 issue affects the Jenkins Project Inheritance Plugin where encrypted secrets in a job’s config.xml are not redacted by the getConfigAsXML API when accessed by users without Job/Configure permissions. Multiple sources indicate this affects older plugin versions (e.g., 19.08.02 an...

6.5 CVSS · 6.3 AI score · 0.00047 EPSS
Exploits 0 · References 2 · Affected Software 1

AlpineLinux
added 2020/06/03 12:40 p.m. · 27 views

CVE-2020-2198

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

6.5 CVSS · 3.1 AI score · 0.00047 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/06/03 12:0 a.m. · 3 views

PT-2020-15411 · Jenkins · Jenkins Project Inheritance Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier; Jenkins Project Inheritance Plugin version 19.08.02 and earlier. Description: The issue allows access to Inheritance Project job configurations in XML format without requiring th...

4.3 CVSS · 4.3 AI score · 0.00031 EPSS
Exploits 0 · References 5

CNVD
added 2019/09/27 12:0 a.m. · 1 views

CloudBees Project Inheritance Plugin Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Project Inheritance Plugin is used in one of...

6.5 CVSS · 6.2 AI score · 0.00139 EPSS
Exploits 0 · References 1

CNVD
added 2019/09/27 12:0 a.m. · 2 views

CloudBees Jenkins Project Inheritance Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Project Inheritance Plugin is used in one of...

4.3 CVSS · 6.8 AI score · 0.00528 EPSS
Exploits 0 · References 1

NVD
added 2019/09/25 4:15 p.m. · 14 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

6.5 CVSS · 6.4 AI score · 0.00139 EPSS
Exploits 0 · References 2

OSV
added 2019/09/25 4:15 p.m. · 2 views

CVE-2019-10409

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2019/09/25 4:15 p.m. · 1 views

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

4.3 CVSS · 5.7 AI score · 0.00528 EPSS
Exploits 0 · References 2

OSV
added 2019/09/25 4:15 p.m. · 2 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

6.5 CVSS · 6.6 AI score
Exploits 0 · References 2

Cvelist
added 2019/09/25 3:5 p.m. · 15 views

CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...

4.5 AI score · 0.00528 EPSS
Exploits 0 · References 2

CVE
added 2019/09/25 3:5 p.m. · 54 views

CVE-2019-10409

The CVE concerns Jenkins Project Inheritance Plugin, affecting 2.0.0 and earlier. Root cause: missing permission check allows users with Overall/Read to trigger project generation from templates. Impact: unauthorized project creation without elevated privileges. Exploitation status is not detaile...

4.3 CVSS · 4.4 AI score · 0.00031 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/09/25 3:5 p.m. · 15 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

6.4 AI score · 0.00139 EPSS
Exploits 0 · References 2

CVE
added 2019/09/25 3:5 p.m. · 47 views

CVE-2019-10407

CVE-2019-10407 affects Jenkins Project Inheritance Plugin (versions 2.0.0 and earlier; also referenced as 19.08.02 and earlier in extended advisories). The vulnerability stems from the plugin displaying a list of environment variables passed to a build without masking sensitive variables contribu...

6.5 CVSS · 6.3 AI score · 0.00139 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2019/09/25 3:5 p.m. · 58 views

CVE-2019-10408

The CVE refers to Jenkins Project Inheritance Plugin (2.0.0 and earlier) with a CSRF vulnerability caused by a missing permission check in the HTTP endpoint that triggers project creation from templates. This allowed users, potentially with limited access, to trigger project generation without pr...

4.3 CVSS · 4.5 AI score · 0.00528 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11801 · Jenkins · Jenkins Project Inheritance Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 2.0.0 and earlier; Jenkins Project Inheritance Plugin versions 19.08.02 and earlier. Description: The issue concerns the display of environment variables passed to a build without properly masking...

6.5 CVSS · 6.2 AI score · 0.00139 EPSS
Exploits 0 · References 4