431 matches found

AlpineLinux
added 2019/04/04 3:38 p.m. · 26 views

CVE-2019-1003062

Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8 CVSS · 3.1 AI score · 0.00078 EPSS
Exploits 0 · References 3

Cvelist
added 2019/04/04 3:38 p.m. · 12 views

CVE-2019-1003073

Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.7 AI score · 0.00108 EPSS
Exploits 0 · References 3

AlpineLinux
added 2019/04/04 3:38 p.m. · 23 views

CVE-2019-1003057

Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8 CVSS · 4.2 AI score · 0.00078 EPSS
Exploits 0 · References 3

Cvelist
added 2019/04/04 3:38 p.m. · 13 views

CVE-2019-1003055

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.7 AI score · 0.00078 EPSS
Exploits 0 · References 3

CVE
added 2019/04/04 3:38 p.m. · 65 views

CVE-2019-1003054

CVE-2019-1003054 relates to the Jenkins Jira Issue Updater Plugin, where credentials are stored unencrypted in job config.xml on the Jenkins master/controller. The vulnerability arises from credentials being accessible to any user with Extended Read permission or with access to the master/control...

8.8 CVSS · 8.6 AI score · 0.00108 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2019/04/04 3:38 p.m. · 12 views

CVE-2019-1003053

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.7 AI score · 0.00108 EPSS
Exploits 0 · References 3

AlpineLinux
added 2019/04/04 3:38 p.m. · 35 views

CVE-2019-1003055

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8 CVSS · 2.7 AI score · 0.00078 EPSS
Exploits 0 · References 3

AlpineLinux
added 2019/04/04 3:38 p.m. · 20 views

CVE-2019-1003053

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 3.2 AI score · 0.00108 EPSS
Exploits 0 · References 3

Cvelist
added 2019/04/04 3:38 p.m. · 15 views

CVE-2019-1003051

Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.7 AI score · 0.00078 EPSS
Exploits 0 · References 3

Positive Technologies
added 2019/04/04 12:0 a.m. · 2 views

PT-2019-11386 · Jenkins · Jenkins Testfairy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins TestFairy Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. This allows users with Extended Read permission or...

6.5 CVSS · 6.3 AI score · 0.0014 EPSS
Exploits 0 · References 6

Positive Technologies
added 2019/04/04 12:0 a.m. · 2 views

PT-2019-11387 · Jenkins · Jenkins Crowd Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Crowd Integration Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...

6.5 CVSS · 6.3 AI score · 0.00091 EPSS
Exploits 0 · References 6

Prion
added 2018/06/26 5:29 p.m. · 9 views

Design/Logic Flaw

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

4 CVSS · 6.2 AI score · 0.00316 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2018/06/26 5:29 p.m. · 9 views

CVE-2018-1000601

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.5 CVSS · 6.3 AI score · 0.00316 EPSS
Exploits 0 · References 1

Cvelist
added 2018/06/26 5:0 p.m. · 9 views

CVE-2018-1000601

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

6.3 AI score · 0.00316 EPSS
Exploits 0 · References 1

CNVD
added 2018/06/25 12:0 a.m. · 1 views

SLiMS 8 Akasia Master File Module Cross-Site Scripting Vulnerability

SLiMS 8 Akasia is an open source, free library management system. Master File module is one of the file storage modules. A cross-site scripting vulnerability exists in the Master File module in SLiMS 8 Akasia version 8.3.1. A remote attacker can use admin/modules/masterfile/rdacmc.php?keywords= UR...

6.1 CVSS · 6.1 AI score · 0.0024 EPSS
Exploits 1 · References 1

OSV
added 2018/06/22 3:29 p.m. · 14 views

CVE-2018-12657

Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/masterfile/rdacmc.php?keywords= URI...

6.1 CVSS · 6.2 AI score
Exploits 0 · References 1

Cvelist
added 2018/06/22 3:0 p.m. · 14 views

CVE-2018-12657

Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/masterfile/rdacmc.php?keywords= URI...

6 AI score · 0.0024 EPSS
Exploits 1 · References 1

Positive Technologies
added 2018/06/19 12:0 a.m. · 3 views

PT-2018-10785 · Libyal · Libfsntfs

Name of the Vulnerable Software and Affected Versions: libfsntfs versions through 2018-04-20
Description: The issue allows remote attackers to cause an information disclosure via a crafted ntfs file. This is achieved through a heap-based buffer over-read in the libfsntfs attribute read from mft...

5.5 CVSS · 5.7 AI score · 0.00174 EPSS
Exploits 0 · References 9

NVD
added 2018/01/25 6:29 p.m. · 15 views

CVE-2017-1000505

In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...

6.5 CVSS · 6.5 AI score · 0.00316 EPSS
Exploits 0 · References 1

Malwarebytes
added 2017/07/24 5:17 p.m. · 63 views

Bye, bye Petya! Decryptor for old versions released.

Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here. Based on the released key, we prepared a decryptor that is capable of unlocking all the...

6.6 AI score
Exploits 0