36 matches found

OSV
added 2025/06/13 7:15 a.m. · 1 views

UBUNTU-CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process...

CVSS 6.7 · AI score 5.9 · EPSS 0.0011
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 5:45 a.m. · 1 views

SUSE CVE-2012-3864

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...

CVSS 4 · AI score 6.8 · EPSS 0.00314
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 5:45 a.m. · 1 views

SUSE CVE-2012-3866

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

CVSS 2.1 · AI score 6.2 · EPSS 0.0005
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:8 a.m. · 4 views

SUSE CVE-2019-16544

Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 8.8 · AI score 8.4 · EPSS 0.00263
Exploits 0 · References 3

OSV
added 2022/05/13 1:30 a.m. · 1 views

GHSA-X2Q2-8PWQ-FR5R Jenkins allows Bypass of Access Restrictions

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...

CVSS 6.9 · AI score 5.9 · EPSS 0.00086
Exploits 0 · References 6

OSV
added 2020/04/16 7:15 p.m. · 1 views

CVE-2020-2177

Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 2

Positive Technologies
added 2020/03/09 12:0 a.m. · 3 views

PT-2020-15377 · Jenkins · Jenkins Cryptomove Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CryptoMove Plugin versions 0.1.33 and earlier
Description: The issue allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. This is possible because th...

CVSS 9 · AI score 8.9 · EPSS 0.04514
Exploits 0 · References 6

Positive Technologies
added 2020/02/12 12:0 a.m. · 2 views

PT-2020-15340 · Jenkins · Jenkins Harvest Scm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Harvest SCM Plugin versions 0.5.1 and earlier
Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins master. These passwords can be viewed by users with Extended Read permission or thos...

CVSS 6.5 · AI score 6.4 · EPSS 0.00047
Exploits 0 · References 7

OSV
added 2019/12/17 3:15 p.m. · 0 views

CVE-2019-16572

Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 2

OSV
added 2019/10/16 2:15 p.m. · 3 views

CVE-2019-10452

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2019/10/16 12:0 a.m. · 3 views

PT-2019-11830 · Jenkins · Jenkins Google Oauth Credentials Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google OAuth Credentials Plugin version 0.9 and earlier
Description: The issue allows attackers who can configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master due to an arbitrary file read...

CVSS 6.5 · AI score 6.2 · EPSS 0.00146
Exploits 0 · References 6

Positive Technologies
added 2019/10/16 12:0 a.m. · 3 views

PT-2019-11844 · Jenkins · Jenkins Elasticbox Ci Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox CI Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...

CVSS 3.3 · AI score 3.6 · EPSS 0.00007
Exploits 0 · References 4

OSV
added 2019/09/25 4:15 p.m. · 1 views

CVE-2019-10425

Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 · AI score 6.2 · EPSS 0.00047
Exploits 0 · References 2

OSV
added 2019/09/25 4:15 p.m. · 0 views

CVE-2019-10413

Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 · AI score 6.2
Exploits 0 · References 2

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11807 · Jenkins · Jenkins Data Theorem: Ci/Cd Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Data Theorem: CI/CD Plugin versions 1.3 and earlier
Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. This allows users with Extended Read permission or...

CVSS 6.5 · AI score 6.4 · EPSS 0.00047
Exploits 0 · References 4

Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-11815 · Jenkins · Jenkins Azure Event Grid Build Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Azure Event Grid Build Notifier Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00031
Exploits 0 · References 4

Positive Technologies
added 2019/08/07 12:0 a.m. · 2 views

PT-2019-11771 · Jenkins · Jenkins File System Scm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins File System SCM Plugin version 2.1 and earlier
Description: The issue allows attackers who can configure jobs in Jenkins to read the contents of any file on the Jenkins master. This is due to an arbitrary file read vulnerability...

CVSS 6.5 · AI score 6.2 · EPSS 0.0027
Exploits 0 · References 5

Positive Technologies
added 2019/07/11 12:0 a.m. · 2 views

PT-2019-11750 · Jenkins · Jenkins Caliper Ci Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Caliper CI Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be accessed b...

CVSS 8.8 · AI score 8.5 · EPSS 0.00088
Exploits 0 · References 6

OSV
added 2019/04/04 4:29 p.m. · 0 views

CVE-2019-10286

Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 8.8 · AI score 6.5
Exploits 0 · References 3

OSV
added 2019/04/04 4:29 p.m. · 0 views

CVE-2019-1003053

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 3