
332 matches found

CVE
added 2023/12/13 5:30 p.m. | 43 views

CVE-2023-50773

CVE-2023-50773 affects Jenkins Dingding JSON Pusher Plugin 2.0 and earlier. The vulnerability arises because the plugin stores access tokens unencrypted in job config.xml (CVE-2023-50772) and does not mask access tokens displayed on the job configuration form (CVE-2023-50773). This can allow atta...

4.3 CVSS | 4.5 AI score | 0.00347 EPSS
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2023/12/13 12:0 a.m. | 7 views

Jenkins PaaSLane Estimate Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

4.3 CVSS | 6.9 AI score | 0.00318 EPSS
Exploits 0 | References 4
Positive Technologies
added 2023/12/13 12:0 a.m. | 4 views

PT-2023-31642 · Jenkins · Jenkins Dingding Json Pusher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dingding JSON Pusher Plugin versions 2.0 and earlier
Description: The issue concerns the Jenkins Dingding JSON Pusher Plugin, where access tokens are not masked on the job configuration form. This increases the potential for attackers...

4.3 CVSS | 4.3 AI score | 0.00347 EPSS
Exploits 0 | References 7
CNNVD
added 2023/12/13 12:0 a.m. | 2 views

Jenkins Dingding JSON Pusher Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

4.3 CVSS | 6.6 AI score | 0.00347 EPSS
Exploits 0 | References 4
OSV
added 2023/09/06 3:30 p.m. | 22 views

GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.5 CVSS | 6.5 AI score | 0.00555 EPSS
Exploits 0 | References 3
OSV
added 2023/09/06 1:15 p.m. | 4 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...

8.8 CVSS | 5.8 AI score | 0.0075 EPSS
Exploits 0 | References 2
CVE
added 2023/09/06 12:8 p.m. | 131 views

CVE-2023-41933

CVE-2023-41933 affects Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential XXE exploitation. The provided documents do not specify ex...

8.8 CVSS | 8.6 AI score | 0.0075 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/09/06 12:8 p.m. | 114 views

CVE-2023-41931

CVE-2023-41931 — Jenkins Job Configuration History Plugin: The vulnerability affects the Jenkins Job Configuration History Plugin (versions 1227.v7a_79fc4dc01f and earlier). The root cause is the plugin not properly sanitizing or escaping the timestamp value from history entries when rendering a...

5.4 CVSS | 5.2 AI score | 0.00432 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2023/09/06 12:8 p.m. | 125 views

CVE-2023-41932

The CVE-2023-41932 entry affects Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not restrict the 'timestamp' query parameter across multiple endpoints, which can allow an attacker to delete attacker-specified directories on the Jen...

6.5 CVSS | 6.3 AI score | 0.00555 EPSS
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2023/09/06 12:0 a.m. | 8 views

PT-2023-28168 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier
Description: The issue allows attackers to manipulate the configuration history rendered by Jenkins, as the 'name' query parameter is not restricted when...

4.3 CVSS | 4.2 AI score | 0.0076 EPSS
Exploits 0 | References 6
CNNVD
added 2023/09/06 12:0 a.m. | 4 views

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

8.8 CVSS | 6.9 AI score | 0.0075 EPSS
Exploits 0 | References 4
CNNVD
added 2023/09/06 12:0 a.m. | 4 views

Jenkins Plugin Job Configuration History Path Traversal Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

4.3 CVSS | 6.7 AI score | 0.0076 EPSS
Exploits 0 | References 4
CNNVD
added 2023/09/06 12:0 a.m. | 5 views

Jenkins Plugin Job Configuration History Code Issue Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS | 6.8 AI score | 0.00555 EPSS
Exploits 0 | References 4
Positive Technologies
added 2023/09/06 12:0 a.m. | 5 views

PT-2023-28171 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier
Description: The issue is related to the configuration of the XML parser in the Jenkins Job Configuration History Plugin, which does not prevent XML external...

8.8 CVSS | 8.3 AI score | 0.0075 EPSS
Exploits 0 | References 10
Veracode
added 2023/05/30 7:47 a.m. | 23 views

Information Disclosure

Codedx is vulnerable to Information Disclosure. The vulnerability exists because the job configuration form does not mask API keys which allows an attacker to gain access to observe and capture the key information...

4.3 CVSS | 7 AI score | 0.00409 EPSS
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2023/05/30 7:35 a.m. | 18 views

Information Disclosure

Codedx is vulnerable to Information Disclosure. The vulnerability exists because the server API keys are stored in job config.xml without encrypting which allows an attacker to gain read access on the controller file system...

4.3 CVSS | 6.6 AI score | 0.00633 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2023/04/12 6:15 p.m. | 4 views

CVE-2023-30523

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3 CVSS | 5.8 AI score | 0.00323 EPSS
Exploits 0 | References 2
SUSE CVE
added 2023/02/15 4:20 a.m. | 7 views

SUSE CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8 CVSS | 9.2 AI score | 0.01577 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:19 a.m. | 0 views

SUSE CVE-2018-1999005

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...

5.4 CVSS | 4.7 AI score | 0.00894 EPSS
Exploits 0 | References 3
SUSE CVE
added 2023/02/15 4:8 a.m. | 5 views

SUSE CVE-2019-16544

Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS | 8.4 AI score | 0.00833 EPSS
Exploits 0 | References 3