369 matches found
Design/Logic Flaw
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2020-2274
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
PT-2020-15493 · Jenkins · Jenkins Mongodb Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins MongoDB Plugin versions 1.3 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. This issue arises because the plug...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
PT-2020-15371 · Jenkins +1 · Jenkins Zephyr For Jira Test Management Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr for JIRA Test Management Plugin versions 1.5 and earlier Description: The issue concerns the storage of credentials in plain text in a global configuration file on the Jenkins master file system. Specifically, the Zephyr for JI...
PT-2019-11813 · Vmware +2 · Vfabric Application Director Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins vFabric Application Director Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. Specifically, the...
PT-2019-11350 · Jenkins · Jenkins Official Owasp Zap Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Official OWASP ZAP Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins Official OWASP ZAP Plugin. Specifically,...
PT-2019-11354 · Jenkins · Jenkins Aws-Device-Farm Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins aws-device-farm Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins aws-device-farm Plugin. Specifically,...