25 matches found
CVE-2023-39155
Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it...
PT-2023-22755 · Jenkins · Jenkins Wso2 Oauth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins WSO2 Oauth Plugin versions 1.0 and earlier Description: The issue concerns the storage of the WSO2 Oauth client secret in an unencrypted form within the global config.xml file on the Jenkins controller. This file can be accessed by...
PT-2022-18286 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue arises when a sensitive value is a substring of another value, causing sensitive value masking to only partially work. Recommendations: At the moment, there is no informati...
DEBIAN-CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0 Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...