RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory. - commons-fileupload: Arbitrary file upload via deserialization CVE-2013-2186 - stapler-adjunct-zeroclipboard: multiple cross-site...
CVE-2026-33004
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
EUVD-2022-4132
Malicious code in bioql PyPI...
EUVD-2022-2971
Malicious code in bioql PyPI...
EUVD-2022-4612
Malicious code in bioql PyPI...
EUVD-2022-2644
Malicious code in bioql PyPI...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the global configuration file on the Jenkins controller. An attacker can obtain sensitive integration tokens by accessing the file system where the configuration is stored. Remediation There...
CVE-2021-21617
A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and earlier allows attackers to apply different slice configurations...
CVE-2019-10345
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export...
CVE-2019-10344
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
Jenkins plugins Multiple Vulnerabilities (2024-05-02)
According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - High Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are...
Information disclosure through error stack traces related to agents
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. Jenkins 2.394, LTS 2.375.4,...
GHSA-7C3V-VC3X-X789 Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Configuration as Code Plugin logs the changes it applies to the Jenkins system log. Secrets such as passwords should be masked, i.e. replaced with asterisks, in that log to prevent accidental disclosure. Configuration as Code Plugin inspects the type and looks for a field, getter, or constructor...
Missing Authorization in Jenkins Configuration as Code Plugin
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
GHSA-MQR8-3V8J-46WV Missing Authorization in Jenkins Configuration as Code Plugin
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting
A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...
Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. Version 0.8-alpha contains a fix for this issue...
CloudBees Jenkins Configuration Slicing Plugin Cross-Site Request Forgery Vulnerability
Jenkins Configuration Slicing is a Jenkins open-source application plugin. It provides bulk configuration of selected project properties, including email, timers, discarding old versions, and Maven configuration. Jenkins Configuration Slicing Plugin 1.51 and earlier versions have a cross-site reques...
Jenkins Configuration Slicing Cross-Site Request Forgery Vulnerability
Jenkins Configuration Slicing is a Jenkins open-source application plugin. It provides bulk configuration of selected project properties, including email, timers, discarding old versions, and Maven configuration. Jenkins Configuration Slicing Plugin 1.51 and earlier versions have a cross-site reques...