88 matches found
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
CVE-2022-25186
Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...
CVE-2022-36888
A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...
CVE-2019-10435
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +499 more potentially affected by CVE-2025-27622 +1 more via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)
org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27622https://vulners.com/cve/CVE-2025-276...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +499 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)
org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-31720https://vulners.com/cve/CVE-2025-317...
The vulnerability of the Vault plugin in the JetBrains TeamCity system for continuous integration and delivery applications allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Vault plugin in the JetBrains TeamCity system for continuous integration and delivery applications is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotel...
The vulnerability of the HashiCorp Vault plugin in the JetBrains TeamCity continuous integration and delivery system allows a hacker to execute cross-site scripting attacks.
The vulnerability of the HashiCorp Vault plugin for the Continuous Integration and Delivery applications CI/CD system of JetBrains TeamCity exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...
JetBrains TeamCity < 2024.07.1 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2024.07.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions CVE-2024-43114 - In JetBrains TeamCity before...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2025-16717)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
CVE-2024-43808
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin...
CVE-2024-43808
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin...
PT-2024-7655 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.07.1 Description: The issue exists due to inadequate protection of the web page structure in the HashiCorp Vault plugin of the JetBrains TeamCity CI/CD system. Exploitation of this issue may allow a...
JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40338 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)
org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40338 Source advisory: OSV:GHSA-36HQ-V2FC-RPQP...
Jenkins HashiCorp Vault Plugin has improper masking of credentials
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...
CVE-2023-33001
Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...
CVE-2023-33001
CVE-2023-33001 affects Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier. The issue is that credentials are not properly masked in build logs when push mode for durable task logging is enabled, exposing sensitive data and harming confidentiality. Root cause: inadequate masking in logs...
Jenkins HashiCorp Vault Plugin 日志信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....