Lucene search
K

119 matches found

CVE
CVE
added 2020/08/12 1:25 p.m.68 views

CVE-2020-2233

CVE-2020-2233 affects Jenkins Pipeline Maven Integration Plugin up to version 3.8.2, where an HTTP endpoint lacks a permission check. This enables users with Overall/Read access to enumerate credentials IDs stored in Jenkins (information disclosure). The vulnerability is addressed in 3.8.3 and la...

6.5CVSS6.3AI score0.00836EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/08/12 1:25 p.m.28 views

CVE-2020-2233

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

6.5CVSS4.2AI score0.00836EPSS
Exploits0References2
CNVD
CNVD
added 2020/07/03 12:0 a.m.3 views

CloudBees Jenkins Sonargraph Integration Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Sonargraph Integration Plugin is used in one ...

5.4CVSS6.5AI score0.00735EPSS
Exploits0References1
CVE
CVE
added 2020/07/02 2:55 p.m.67 views

CVE-2020-2201

The CVE-2020-2201 entry concerns Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier, where the Log file field form validation does not escape the file path, causing a stored cross-site scripting (XSS) vulnerability. Affected component: Sonargraph Integration Plugin; root cause: lack...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/08/07 3:15 p.m.26 views

CVE-2019-10381

Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM...

7.5CVSS7.6AI score0.01117EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/02 12:0 a.m.3 views

CloudBees Jenkins Maven Integration Plugin Input Validation Error Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Maven Integration Plugin is used in one...

6.5CVSS6.7AI score0.0101EPSS
Exploits0References1
OSV
OSV
added 2019/07/31 1:15 p.m.15 views

CVE-2019-10358

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...

6.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2019/07/31 1:15 p.m.13 views

Design/Logic Flaw

Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...

4CVSS6.3AI score0.0101EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/07/31 12:45 p.m.63 views

CVE-2019-10358

CVE-2019-10358 affects the Jenkins Maven Integration Plugin (versions ≤ 3.3). The root cause is that build log decorators were not applied to module builds, which could cause sensitive build variables to be exposed in logs. The available connected documents consistently describe this as a disclos...

6.5CVSS6.3AI score0.0101EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/05/31 2:20 p.m.230 views

CVE-2019-10327

CVE-2019-10327 affects Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier. The vulnerability is an XML External Entity (XXE) flaw in which a malicious XML file, processed via a Maven build that uses a temporary directory on the agent, can cause extraction of secrets from the Jen...

8.1CVSS8AI score0.01467EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/05/31 2:20 p.m.16 views

CVE-2019-10327

An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...

8.1AI score0.01467EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/04/04 3:38 p.m.31 views

CVE-2019-1003097

Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

6.4AI score0.01622EPSS
Exploits0References3
CVE
CVE
added 2019/04/04 3:38 p.m.60 views

CVE-2019-1003097

CVE-2019-1003097 affects the Jenkins Crowd Integration Plugin, where credentials are stored unencrypted in the global config.xml on the Jenkins master. This allows users with access to the master file system to view sensitive data. The available connected documents confirm the affected component ...

6.5CVSS6.3AI score0.01622EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/01/11 12:0 a.m.4 views

CloudBees Jenkins Crowd 2 Integration Plugin Storing Credentials in Plain Text Format Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Crowd 2 Integration Plugin is used in which a Authentication Plugin. A...

7.8CVSS6.6AI score0.00311EPSS
Exploits0References1
NVD
NVD
added 2019/01/09 11:29 p.m.19 views

CVE-2018-1000422

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...

6.5CVSS6.4AI score0.00769EPSS
Exploits0References2
NVD
NVD
added 2019/01/09 11:29 p.m.23 views

CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...

7.8CVSS7.4AI score0.00311EPSS
Exploits0References2
Prion
Prion
added 2019/01/09 11:29 p.m.16 views

Authorization

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...

4CVSS6.4AI score0.00769EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/01/09 11:0 p.m.48 views

CVE-2018-1000422

CVE-2018-1000422 affects Jenkins Crowd 2 Integration Plugin up to version 2.0.0. The vulnerability resides in CrowdSecurityRealm.java and enables an attacker to cause Jenkins to perform a connection test to an attacker‑specified server using attacker‑specified credentials and connection settings....

6.5CVSS6.3AI score0.00769EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/01/09 11:0 p.m.23 views

CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...

7.5AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 2019/01/09 11:0 p.m.56 views

CVE-2018-1000423

The CVE-2018-1000423 entry concerns Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier, where credentials used to connect to Crowd 2 are stored in the plugin and can be accessed if an attacker has local filesystem access. The affected components are CrowdSecurityRealm.java and CrowdConfiguratio...

7.8CVSS7.4AI score0.00311EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder