119 matches found
CVE-2020-2233
CVE-2020-2233 affects Jenkins Pipeline Maven Integration Plugin up to version 3.8.2, where an HTTP endpoint lacks a permission check. This enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins (information disclosure). The vulnerability is addressed in 3.8.3 and la...
CVE-2020-2233
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CloudBees Jenkins Sonargraph Integration Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Sonargraph Integration Plugin is used in one ...
CVE-2020-2201
The CVE-2020-2201 entry concerns Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier, where the Log file field form validation does not escape the file path, causing a stored cross-site scripting (XSS) vulnerability. Affected component: Sonargraph Integration Plugin; root cause: lack...
CVE-2019-10381
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
CloudBees Jenkins Maven Integration Plugin Input Validation Error Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Maven Integration Plugin is used in one...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
Design/Logic Flaw
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
CVE-2019-10358
CVE-2019-10358 affects the Jenkins Maven Integration Plugin (versions ≤ 3.3). The root cause is that build log decorators were not applied to module builds, which could cause sensitive build variables to be exposed in logs. The available connected documents consistently describe this as a disclos...
CVE-2019-10327
CVE-2019-10327 affects Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier. The vulnerability is an XML External Entity (XXE) flaw in which a malicious XML file, processed via a Maven build that uses a temporary directory on the agent, can cause extraction of secrets from the Jen...
CVE-2019-10327
An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
CVE-2019-1003097
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003097
CVE-2019-1003097 affects the Jenkins Crowd Integration Plugin, where credentials are stored unencrypted in the global config.xml on the Jenkins master. This allows users with access to the master file system to view sensitive data. The available connected documents confirm the affected component ...
CloudBees Jenkins Crowd 2 Integration Plugin Storing Credentials in Plain Text Format Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Crowd 2 Integration Plugin is used in which a Authentication Plugin. A...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
Authorization
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
CVE-2018-1000422
CVE-2018-1000422 affects Jenkins Crowd 2 Integration Plugin up to version 2.0.0. The vulnerability resides in CrowdSecurityRealm.java and enables an attacker to cause Jenkins to perform a connection test to an attacker‑specified server using attacker‑specified credentials and connection settings....
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
CVE-2018-1000423
The CVE-2018-1000423 entry concerns Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier, where credentials used to connect to Crowd 2 are stored in the plugin and can be accessed if an attacker has local filesystem access. The affected components are CrowdSecurityRealm.java and CrowdConfiguratio...