198 matches found
EUVD-2022-5216
Malicious code in bioql PyPI...
EUVD-2022-2192
Malicious code in bioql PyPI...
MAL-2025-23739 Malicious code in jenkins-master (npm)
The package jenkins-master was found to contain malicious code...
Malicious code in jenkins-master (npm)
The package jenkins-master was found to contain malicious code...
CVE-2019-10420
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
SUSE CVE-2018-1999002
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins...
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Secret stored in plain text by Jenkins Slack Upload Plugin
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-9HPQ-528P-48J3 Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Jenkins Rundeck Plugin stored credentials in plain text
Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-HFJR-M75M-WMH7 Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
Jenkins Zulip Plugin prior to 1.1.1 stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials
Jenkins Zulip Plugin prior to 1.1.1 stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Jenkins Sonar Gerrit Plugin stores credentials unencrypted
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
Jenkins Bitbucket OAuth Plugin prior to 0.10 stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
GHSA-84H6-JF8X-FF2J Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials
Jenkins Bitbucket OAuth Plugin prior to 0.10 stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
GHSA-4P59-P85X-F3WX Jenkins Delphix Plugin vulnerable to Cleartext credential storage
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-8X6C-375H-PM4F Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...