331 matches found

Cvelist
added 2020/03/25 4:5 p.m. · 21 views

CVE-2020-2161

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

6.6 AI score · 0.01237 EPSS
Exploits 0 · References 2
CVE
added 2020/03/25 4:5 p.m. · 159 views

CVE-2020-2161

CVE-2020-2161 affects Jenkins 2.227 and earlier, and LTS 2.204.5 and earlier. It is a stored XSS caused by improper escaping of node labels shown in the form validation for label expressions on job configuration pages. The underlying issue is the failure to properly sanitize user-supplied node lab...

5.4 CVSS · 5.4 AI score · 0.01237 EPSS
Exploits 0 · References 2 · Affected Software 1
AlpineLinux
added 2020/03/25 4:5 p.m. · 40 views

CVE-2020-2161

Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels...

5.4 CVSS · 5.7 AI score · 0.01237 EPSS
Exploits 0
Positive Technologies
added 2020/03/25 12:0 a.m. · 2 views

PT-2020-5054 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.227 and earlier; Jenkins LTS versions 2.204.5 and earlier. Description: The issue arises from the improper escaping of node labels shown in the form validation for label expressions on job configuration pages, resulting in a...

5.5 CVSS · 6.4 AI score · 0.01237 EPSS
Exploits 0 · References 9
NVD
added 2020/03/09 4:15 p.m. · 22 views

CVE-2020-2157

Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...

4.3 CVSS · 4.7 AI score · 0.00511 EPSS
Exploits 0 · References 2
Prion
added 2020/03/09 4:15 p.m. · 12 views

Code injection

Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...

4 CVSS · 4.6 AI score · 0.0064 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2020/03/09 3:1 p.m. · 73 views

CVE-2020-2153

CVE-2020-2153 affects Jenkins Backlog Plugin versions 2.4 and earlier. The root cause is that credentials are transmitted in plain text as part of job configuration forms, while stored credentials remain encrypted on disk. This can expose credentials to users with Extended Read permission when co...

4.3 CVSS · 4.6 AI score · 0.00646 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2020/03/09 12:0 a.m. · 3 views

CloudBees Jenkins Harvest SCM Plugin Code Execution Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run some scheduled tasks. A security vulnerability exis...

6.5 CVSS · 6.9 AI score · 0.00852 EPSS
Exploits 0 · References 1
OSV
added 2020/01/29 4:15 p.m. · 3 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4.3 CVSS · 5.8 AI score · 0.00647 EPSS
Exploits 0 · References 2
OSV
added 2019/12/17 3:15 p.m. · 6 views

CVE-2019-16568

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations...

5.3 CVSS · 6.1 AI score · 0.00576 EPSS
Exploits 0 · References 2
Positive Technologies
added 2019/12/17 12:0 a.m. · 5 views

PT-2019-14711 · Jenkins · Jenkins Rundeck Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Rundeck Plugin versions 3.6.5 and earlier. Description: The issue allows credentials to be stored unencrypted in the global configuration file and in job config.xml files on the Jenkins master. This can be accessed by users with Extend...

6.5 CVSS · 6.3 AI score · 0.00852 EPSS
Exploits 0 · References 5
Positive Technologies
added 2019/12/17 12:0 a.m. · 6 views

PT-2019-14712 · Redgate +1 · Jenkins Redgate Sql Change Automation Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Redgate SQL Change Automation Plugin versions 2.0.3 and earlier. Description: The issue allows credentials to be stored unencrypted in job config.xml files on the Jenkins master. Users with Extended Read permission or access to the...

6.5 CVSS · 6.5 AI score · 0.00852 EPSS
Exploits 0 · References 6
OSV
added 2019/11/21 3:15 p.m. · 2 views

CVE-2019-16545

Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

6.5 CVSS · 6 AI score
Exploits 0 · References 2
NVD
added 2019/11/21 3:15 p.m. · 19 views

CVE-2019-16545

Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

6.5 CVSS · 6.6 AI score · 0.00541 EPSS
Exploits 0 · References 2
Positive Technologies
added 2019/11/21 12:0 a.m. · 8 views

PT-2019-14699 · Jenkins · Jenkins Qmetry For Jira - Test Management Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins QMetry for JIRA - Test Management Plugin versions 1.12 and earlier. Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. This allows users with...

8.8 CVSS · 8.5 AI score · 0.00833 EPSS
Exploits 0 · References 5
OSV
added 2019/10/16 2:15 p.m. · 6 views

CVE-2019-10452

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4.3 CVSS · 5.8 AI score · 0.00469 EPSS
Exploits 0 · References 1
Prion
added 2019/10/01 2:15 p.m. · 15 views

Code injection

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...

5 CVSS · 7.5 AI score · 0.00887 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/10/01 1:45 p.m. · 19 views

CVE-2019-10435

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...

7.6 AI score · 0.00887 EPSS
Exploits 0 · References 2
Positive Technologies
added 2019/10/01 12:0 a.m. · 4 views

PT-2019-11829 · Sourcegear +1 · Jenkins Sourcegear Vault Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SourceGear Vault Plugin (affected versions not specified). Description: The Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. There...

7.5 CVSS · 7.4 AI score · 0.00887 EPSS
Exploits 0 · References 5
OSV
added 2019/09/25 4:15 p.m. · 3 views

CVE-2019-10413

Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

6.5 CVSS · 6.2 AI score · 0.01001 EPSS
Exploits 0 · References 2