9 matches found
CVE-2020-2208
Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003043
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
org.jenkins-ci.plugins:global-slack-notifier (>=1.0 <=1.3) potentially affected by CVE-2019-1003043 via org.jenkins-ci.plugins:slack (=2.2)
org.jenkins-ci.plugins:slack MAVEN version =2.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:slack and may be impacted:
- org.jenkins-ci.plugins:global-slack-notifier =1.0, =1.3
Source CVEs: CVE-2019-1003043
Source advisory:...
PT-2020-15422 · Jenkins · Jenkins Slack Upload Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Upload Plugin versions 1.7 and earlier
Description: The issue allows users with Extended Read permission, or access to the master file system, to view a secret stored unencrypted in job config.xml files on the Jenkins master...
CVE-2019-1003044
Summary: CVE-2019-1003044 is a CSRF vulnerability in Jenkins Slack Notification Plugin version 2.19 and earlier. The issue allows an attacker to craft a request that connects to an attacker-chosen URL using credentials IDs that an attacker can obtain by other means, potentially exposing credentia...
CVE-2019-1003043
Summary: Jenkins Slack Notification Plugin (versions ≤ 2.19) contains a missing permission check in a form-validation pathway that can be exploited by users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially exfiltrating credenti...
PT-2019-11334 · Jenkins · Jenkins Slack Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier
Description: A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing credentials...
PT-2019-11333 · Jenkins · Jenkins Slack Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs,...