CVE-2023-50773
CVE-2023-50773 affects Jenkins Dingding JSON Pusher Plugin 2.0 and earlier. The vulnerability arises because the plugin stores access tokens unencrypted in job config.xml (CVE-2023-50772) and does not mask access tokens displayed on the job configuration form (CVE-2023-50773). This can allow atta...
Jenkins PaaSLane Estimate Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-31642 · Jenkins · Jenkins Dingding Json Pusher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dingding JSON Pusher Plugin versions 2.0 and earlier Description: The issue concerns the Jenkins Dingding JSON Pusher Plugin, where access tokens are not masked on the job configuration form. This increases the potential for attackers...
Jenkins Dingding JSON Pusher Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML External Entity (XXE) attacks...
CVE-2023-41933
CVE-2023-41933 affects Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not configure its XML parser to prevent XML External Entity (XXE) attacks, enabling potential XXE exploitation. The provided documents do not specify ex...
CVE-2023-41931
CVE-2023-41931 — Jenkins Job Configuration History Plugin: The vulnerability affects the Jenkins Job Configuration History Plugin (versions 1227.v7a_79fc4dc01f and earlier). The root cause is the plugin not properly sanitizing or escaping the timestamp value from history entries when rendering a...
CVE-2023-41932
The CVE-2023-41932 entry affects Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not restrict the 'timestamp' query parameter across multiple endpoints, which can allow an attacker to delete attacker-specified directories on the Jen...
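The CVE-2023-41932 and GHSA entries above describe the same defect: a request parameter is joined onto a directory path and the only check is that the result contains a history.xml, so `../` sequences reach any such directory on the controller. The example below is added here and is not the Job Configuration History plugin's code; it contrasts that pre-fix pattern with an allow-listed, resolved-path version. It assumes the plugin's on-disk layout `<job history dir>/<yyyy-MM-dd_HH-mm-ss>/history.xml`; that timestamp format is what the plugin names its entries with, but treat it as an assumption here. The job names and directory layout in `run_demo` are constructed.

```python
"""Validate a 'timestamp' request parameter before turning it into a path.

Added example, not code from the Job Configuration History plugin. Assumes the
layout <job history dir>/<yyyy-MM-dd_HH-mm-ss>/history.xml (an assumption here).
"""
import re
import tempfile
from datetime import datetime
from pathlib import Path

TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2}")


def is_valid_timestamp(value: str) -> bool:
    """Allow-list the parameter: exact shape, then a real calendar date and time."""
    if not TIMESTAMP_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d_%H-%M-%S")
    except ValueError:
        return False
    return True


def unsafe_history_dir(job_history_dir: Path, timestamp: str) -> Path:
    """The pre-fix pattern: join the raw parameter and only check for history.xml.
    '../../../jobs/other-job' passes whenever that directory holds a history.xml."""
    target = job_history_dir / timestamp
    if not (target / "history.xml").is_file():
        raise FileNotFoundError(f"no history.xml under {target}")
    return target


def resolve_history_dir(job_history_dir: Path, timestamp: str) -> Path:
    """Hardened: reject anything that is not a timestamp, then confirm the resolved
    directory is a direct child of the job's history directory (catches symlinks)."""
    if not is_valid_timestamp(timestamp):
        raise ValueError(f"rejected timestamp parameter: {timestamp!r}")
    base = job_history_dir.resolve()
    target = (base / timestamp).resolve()
    if target.parent != base:
        raise ValueError("timestamp resolved outside the job history directory")
    if not (target / "history.xml").is_file():
        raise FileNotFoundError(f"no history entry {timestamp}")
    return target


def run_demo() -> dict:
    """Build a constructed layout in a temp dir and exercise both resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        job = root / "config-history" / "jobs" / "build-app"   # hypothetical job
        entry = job / "2023-09-06_10-15-30"
        entry.mkdir(parents=True)
        (entry / "history.xml").write_text("<history/>")
        # Any directory that happens to hold a history.xml is reachable by the unsafe path.
        victim = root / "jobs" / "other-job"
        victim.mkdir(parents=True)
        (victim / "history.xml").write_text("<history/>")
        traversal = "../../../jobs/other-job"

        out = {}
        out["unsafe_follows_traversal"] = (
            unsafe_history_dir(job, traversal).resolve() == victim.resolve())
        try:
            resolve_history_dir(job, traversal)
            out["safe_rejects_traversal"] = False
        except ValueError:
            out["safe_rejects_traversal"] = True
        out["safe_returns_entry"] = (
            resolve_history_dir(job, "2023-09-06_10-15-30") == entry.resolve())
        try:
            resolve_history_dir(job, "2023-09-06_10-15-31")
            out["safe_missing_entry_raises"] = False
        except FileNotFoundError:
            out["safe_missing_entry_raises"] = True
        return out


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The two checks are deliberately independent: the allow-list alone already blocks `..` and separators, and the resolved-parent comparison is what still holds if an entry directory is replaced by a symlink pointing elsewhere.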
PT-2023-28168 · Jenkins · Jenkins Job Configuration History Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier Description: The issue allows attackers to manipulate the configuration history rendered by Jenkins, as the 'name' query parameter is not restricted when...
Jenkins Plugin Job Configuration History Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Job Configuration History Path Traversal Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Job Configuration History Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-28171 · Jenkins · Jenkins Job Configuration History Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a_79fc4dc01f and earlier Description: The issue is related to the configuration of the XML parser in the Jenkins Job Configuration History Plugin, which does not prevent XML external...
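The CVE-2023-41933 and PT-2023-28171 entries above both come down to one parser setting: a parser that honours a DOCTYPE and resolves external entities will read whatever `file://` path the document names and splice it into the parsed content. The example below is added here and is not the plugin's code (the plugin is Java and parses with JAXP); it shows the same failure and fix with Python's expat binding so it runs stand-alone. The secret file, the payload and the `history`/`user` element names are constructed for the demonstration.

```python
"""XML parsing with external entities resolved (unhardened) and with DOCTYPE rejected.

Added example, not code from the Job Configuration History plugin. Uses the
standard-library expat binding; the JAXP equivalent is noted in the text.
"""
import os
import tempfile
import xml.parsers.expat as expat


class DoctypeNotAllowed(ValueError):
    """Raised by the hardened parser as soon as a DOCTYPE appears."""


def _collect_text(parser) -> list:
    chunks = []
    parser.CharacterDataHandler = chunks.append
    return chunks


def parse_unhardened(data: bytes) -> str:
    """Resolve external general entities, as a permissively configured parser does.
    Returns the document's character data, including anything pulled from disk."""
    parser = expat.ParserCreate()
    chunks = _collect_text(parser)

    def external_entity_ref(context, base, system_id, public_id):
        # Fetch whatever the DTD points at and feed it back into the document.
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        sub = parser.ExternalEntityParserCreate(context)
        with open(path, "rb") as f:
            sub.Parse(f.read(), True)
        return 1

    parser.ExternalEntityRefHandler = external_entity_ref
    parser.Parse(data, True)
    return "".join(chunks)


def parse_hardened(data: bytes) -> str:
    """Reject any DOCTYPE, so no entity can be declared, and install no external
    entity handler, so none could be fetched even if one were."""
    parser = expat.ParserCreate()
    chunks = _collect_text(parser)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeNotAllowed(f"DOCTYPE {name!r} is not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.Parse(data, True)
    return "".join(chunks)


def run_demo() -> dict:
    """Constructed sample: a secret on disk and a document whose DTD points at it."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("hunter2")
        secret_path = f.name
    try:
        payload = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE history [<!ENTITY xxe SYSTEM "file://{secret_path}">]>'
            '<history><user>&xxe;</user></history>'
        ).encode()
        leaked = parse_unhardened(payload)
        try:
            parse_hardened(payload)
            hardened = "parsed"
        except DoctypeNotAllowed as exc:
            hardened = f"rejected: {exc}"
        benign = parse_hardened(b"<history><user>alice</user></history>")
    finally:
        os.unlink(secret_path)
    return {"unhardened_output": leaked, "hardened_output": hardened, "benign_output": benign}


if __name__ == "__main__":
    for label, value in run_demo().items():
        print(f"{label}: {value}")
```

In the plugin's own environment the same hardening is the `http://apache.org/xml/features/disallow-doctype-decl` feature on `DocumentBuilderFactory`, with `external-general-entities` and `external-parameter-entities` set to false as defence in depth; rejecting the DOCTYPE outright is preferable to trying to enumerate which entity kinds are dangerous.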
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the job configuration form does not mask API keys, so an attacker who can observe the form can capture the key...
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the server API keys are stored unencrypted in job config.xml, where an attacker with read access to the controller file system can obtain them...
CVE-2023-30523
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
SUSE CVE-2018-1000146
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
SUSE CVE-2018-1999005
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...
SUSE CVE-2019-16544
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
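Several entries above (CVE-2023-50772 via the Dingding entry, the Codedx storage entry, CVE-2023-30523, CVE-2019-16544) are the same bug: a plugin keeps a credential in a plain `String` field, so XStream writes it to `config.xml` verbatim instead of as `hudson.util.Secret` ciphertext. The script below is added here and is not Jenkins or plugin code; it audits a controller's job configs for that pattern. It assumes that `Secret` serialises as `{` + base64 + `}` and that element names containing token/key/password/secret hold credentials (a heuristic). The plugin class names and the ciphertext in `SAMPLE_CONFIG` are constructed.

```python
"""Audit Jenkins job config.xml files for credentials stored in plaintext.

Added example, not code from Jenkins or from any plugin. Assumptions:
  * hudson.util.Secret serialises as '{' + base64 + '}', so a secret-looking
    element whose text does not have that shape is treated as plaintext;
  * element names containing token/key/password/secret hold credentials
    (a heuristic, not taken from any plugin's schema).
"""
import base64
import binascii
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

SECRET_NAME = re.compile(r"token|api_?key|password|passwd|secret", re.IGNORECASE)
ENCRYPTED_VALUE = re.compile(r"\{[A-Za-z0-9+/=]+\}")


def is_encrypted(value: str) -> bool:
    """True if value has the hudson.util.Secret ciphertext shape ('{base64}')."""
    value = value.strip()
    if not ENCRYPTED_VALUE.fullmatch(value):
        return False
    try:
        base64.b64decode(value[1:-1], validate=True)
    except binascii.Error:
        return False
    return True


def mask(value: str) -> str:
    """Keep a two-character prefix for triage; never echo the full secret."""
    return value[:2] + "*" * (len(value) - 2) if len(value) > 4 else "*" * len(value)


def _walk(elem, prefix=""):
    path = f"{prefix}/{elem.tag}"
    yield path, elem
    for child in elem:
        yield from _walk(child, path)


def find_plaintext_secrets(config_xml: str) -> list:
    """Return (element path, masked value) for secret-looking elements whose text
    is not Secret ciphertext."""
    findings = []
    for path, elem in _walk(ET.fromstring(config_xml)):
        if not SECRET_NAME.search(elem.tag):
            continue
        text = (elem.text or "").strip()
        if text and not is_encrypted(text):
            findings.append((path, mask(text)))
    return findings


def audit_jenkins_home(jenkins_home: Path) -> dict:
    """Scan jobs/**/config.xml under JENKINS_HOME; map each file to its findings."""
    report = {}
    for cfg in sorted((jenkins_home / "jobs").rglob("config.xml")):
        try:
            hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        except ET.ParseError as exc:
            hits = [("<parse error>", str(exc))]
        if hits:
            report[str(cfg)] = hits
    return report


# Constructed sample: the plugin class names are hypothetical and the apiKey value
# only has the shape of Secret output; it is not a real Jenkins ciphertext.
SAMPLE_CONFIG = """<?xml version='1.0' encoding='UTF-8'?>
<project>
  <publishers>
    <com.example.DingPusher>
      <accessToken>abcdef0123456789</accessToken>
    </com.example.DingPusher>
    <com.example.ReportPortal>
      <apiKey>{AQAAABAAAAAQZ2Z6bXQ5c3BxMnJrdXg=}</apiKey>
    </com.example.ReportPortal>
  </publishers>
</project>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. the JENKINS_HOME directory on the controller
        for path, hits in audit_jenkins_home(Path(sys.argv[1])).items():
            for elem_path, masked in hits:
                print(f"{path}: {elem_path} = {masked}")
    else:
        print(find_plaintext_secrets(SAMPLE_CONFIG))
```

Run it with the controller's JENKINS_HOME as the argument; it reports only masked values, since the point is to find the files that need the plugin upgraded and the token rotated, not to copy the tokens somewhere else. A hit is also what an attacker with Item/Extended Read or file-system access would see, which is why the advisories treat the storage and the form masking as separate issues.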