75 matches found
CVE-2023-24442
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file...
CVE-2022-34800
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34800
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2022-34800
The CVE-2022-34800 entry corresponds to Jenkins Build Notifications Plugin 1.5.0 and earlier, where tokens are stored unencrypted in the Jenkins controller’s global configuration files. Affected files include the plugin’s global configuration artifacts (e.g., PushoverNotifier.xml, SlackNotifier.x...
Jenkins Plugin Cisco Spark 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...
PT-2022-22352 · Jenkins · Jenkins Build Notifications Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Notifications Plugin versions 1.5.0 and earlier Description: The issue allows users with access to the Jenkins controller file system to view tokens stored unencrypted in the plugin's global configuration files. Specifically,...
Jenkins Plugin Build Notifications 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...
CVE-2022-27218
CVE-2022-27218 affects Jenkins incapptic connect uploader Plugin 1.15 and earlier. The connected Red Hat/NVD/OSV/GHSA entries confirm that tokens are stored unencrypted in job config.xml files on the Jenkins controller and can be viewed by users with Extended Read permission or with access to the...
Jenkins incapptic connect uploader 插件安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins incapptic connect uploader Plug...
Jenkins Vmware vRealize CodeStream 插件安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Vmware vRealize CodeStream Plugin...
PT-2019-11841 · Jenkins · Jenkins Sofy.Ai Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sofy.AI Plugin affected versions not specified Description: The issue concerns the storage of sensitive information by the Jenkins Sofy.AI Plugin. Specifically, it stores credentials and an API token unencrypted in job config.xml file...
CVE-2019-11276
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent...
CVE-2019-11276
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent...
PT-2019-11693 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older Jenkins Netsparker Enterprise Scan Plugin affected versions not specified Description: The issue concerns the storage of sensitive information in plain text within configuration fil...
Facebook Reassures Users, But Hole May Put Mobile Data at Risk
UPDATED: Facebook Security assured users on Thursday who access their Facebook account via Android or iOS devices that mobile sessions on the social networking site aren’t vulnerable to hacking. However, research published this week suggests otherwise. A blog entry posted by UK-based mobile...