16 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-22232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt...
CVE-2024-22232
A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master’s filesystem...
PT-2024-4385 · Salt +3 · Salt +3
Name of the Vulnerable Software and Affected Versions: Salt affected versions not specified Description: The issue is related to the creation of specially crafted URLs, leading to directory traversal on the Salt file server. This can allow a malicious user to read arbitrary files from a Salt...
SUSE CVE-2018-1000148
An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system...
GHSA-R9JF-HF9X-7HRV Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new File objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Unspecified Vulnerability in CloudBees Jenkins Deploy WebLogic Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Deploy WebLogic Plugin is used in which a...
PT-2019-11827 · Jenkins · Jenkins Dingding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dingding Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users with Extende...
CVE-2019-10429
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11779 · Jenkins · Jenkins Eggplant Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins eggPlant Plugin version 2.2 and earlier Description: The issue allows credentials to be stored unencrypted in job config.xml files on the Jenkins master. These credentials can be viewed by users with Extended Read permission or those...
CVE-2019-1003095
Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003075
Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-1003054
Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CloudBees Jenkins Fortify CloudScan Plugin Arbitrary File Write Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , which is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task . Fortify CloudScan...
CloudBees Jenkins SSH Credentials Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed tasks . SSH Credentials Plugin is used in one of the storage of SSH credentials used in the Jenkins Plugin. An...
Jenkins Script Security Plugin Arbitrary File Read Vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task . Script Security...