32 matches found
CVE-2020-2198
The CVE-2020-2198 issue affects the Jenkins Project Inheritance Plugin where encrypted secrets in a job’s config.xml are not redacted by the getConfigAsXML API when accessed by users without Job/Configure permissions. Multiple sources indicate this affects older plugin versions (e.g., 19.08.02 an...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
PT-2020-15411 · Jenkins · Jenkins Project Inheritance Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Project Inheritance Plugin versions 21.04.03 and earlier Jenkins Project Inheritance Plugin version 19.08.02 and earlier Description: The issue allows access to Inheritance Project job configurations in XML format without requiring th...
CloudBees Jenkins Project Inheritance Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...
CloudBees Project Inheritance Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Project Inheritance Plugin is used in one of...
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...
CVE-2019-10409
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates...
CVE-2019-10407
CVE-2019-10407 affects Jenkins Project Inheritance Plugin (versions 2.0.0 and earlier; also referenced as 19.08.02 and earlier in extended advisories). The vulnerability stems from the plugin displaying a list of environment variables passed to a build without masking sensitive variables contribu...
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates...
CVE-2019-10409
The CVE concerns Jenkins Project Inheritance Plugin, affecting 2.0.0 and earlier. Root cause: missing permission check allows users with Overall/Read to trigger project generation from templates. Impact: unauthorized project creation without elevated privileges. Exploitation status is not detaile...
CVE-2019-10408
The CVE refers to Jenkins Project Inheritance Plugin (2.0.0 and earlier) with a CSRF vulnerability caused by a missing permission check in the HTTP endpoint that triggers project creation from templates. This allowed users, potentially with limited access, to trigger project generation without pr...