7807 matches found
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
Design/Logic Flaw
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
Design/Logic Flaw
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log...
CVE-2019-10358
CVE-2019-10358 affects the Jenkins Maven Integration Plugin (versions ≤ 3.3). The root cause is that build log decorators were not applied to module builds, which could cause sensitive build variables to be exposed in logs. The available connected documents consistently describe this as a disclos...
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
CVE-2019-10362
CVE-2019-10362 relates to the Jenkins Configuration as Code Plugin (versions ≤ 1.24). The issue arises because values were not escaped, enabling variable interpolation during configuration export/import. As a result, users with permission to modify Jenkins system configuration could obtain the va...
PT-2019-11754 · Jenkins · Jenkins Maven Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Maven Integration Plugin versions 3.3 and earlier Description: The issue potentially reveals sensitive build variables in the build log because build log decorators are not applied to module builds. Recommendations: For Jenkins Maven...
PT-2019-11758 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Description: The issue allows attackers with permission to change Jenkins system configuration to obtain the values of environment variables due to variable interpolation during...
FreeBSD -- telnet(1) client multiple vulnerabilities
Problem Description: Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack- based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This...
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
CloudBees Jenkins Credentials Binding Plugin Jenkins Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Jenkins Credentials Binding Plugin is used in...
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
Format string
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
CVE-2019-1010241
Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line 30 passwordVariable. The attack vector is: Attacker creates and executes a...
Unspecified Vulnerability in Juniper Networks Junos OS
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that arises from the program not adequately validating...
CVE-2019-0053
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via t...
DEBIAN-CVE-2019-0053
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via t...