Lucene search
K

88 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:2 a.m.17 views

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.5CVSS6.8AI score0.00601EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.10 views

CVE-2022-25186

Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key...

6.5CVSS6.6AI score0.00809EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:18 p.m.2 views

CVE-2022-36888

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb858fd6bf48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys...

6.5CVSS6.6AI score0.00605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 a.m.9 views

CVE-2019-10435

Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...

7.5CVSS6.8AI score0.00887EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/04/02 3:31 p.m.10 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +499 more potentially affected by CVE-2025-27622 +1 more via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-27622https://vulners.com/cve/CVE-2025-276...

4.3CVSS6.8AI score0.00727EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/04/02 3:31 p.m.8 views

appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), com.cloudbees.jenkins.plugins:additional-identities-plugin (>=109.v2c51a_117a_7b_4 <=141.vd9ede1e02477) +499 more potentially affected by CVE-2025-31720 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.492.2)

org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =2.2.0, =2.0.0, =0.1.0, =0.2.0 and more Source cves: CVE-2025-31720https://vulners.com/cve/CVE-2025-317...

4.3CVSS6.3AI score0.0039EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.8 views

The vulnerability of the Vault plugin in the JetBrains TeamCity system for continuous integration and delivery applications allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Vault plugin in the JetBrains TeamCity system for continuous integration and delivery applications is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotel...

5.5CVSS5.2AI score0.02733EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.8 views

The vulnerability of the HashiCorp Vault plugin in the JetBrains TeamCity continuous integration and delivery system allows a hacker to execute cross-site scripting attacks.

The vulnerability of the HashiCorp Vault plugin for the Continuous Integration and Delivery applications CI/CD system of JetBrains TeamCity exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...

3.7CVSS5.2AI score0.00248EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/08/23 12:0 a.m.16 views

JetBrains TeamCity < 2024.07.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2024.07.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions CVE-2024-43114 - In JetBrains TeamCity before...

7.8CVSS5.4AI score0.00342EPSS
Exploits0References6
CNVD
CNVD
added 2024/08/20 12:0 a.m.3 views

JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2025-16717)

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

5.4CVSS6.4AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2024/08/16 3:15 p.m.2 views

CVE-2024-43808

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin...

5.4CVSS5.8AI score0.00248EPSS
Exploits0References1
NVD
NVD
added 2024/08/16 3:15 p.m.23 views

CVE-2024-43808

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin...

5.4CVSS0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.5 views

PT-2024-7655 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.07.1 Description: The issue exists due to inadequate protection of the web page structure in the HashiCorp Vault plugin of the JetBrains TeamCity CI/CD system. Exploitation of this issue may allow a...

5.4CVSS7.2AI score0.00248EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.6 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

5.4CVSS6.3AI score0.00248EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/08/16 3:30 p.m.5 views

com.amadeus.jenkins.plugins:workflow-cps-global-lib-http (>=2.33.0 <=2.54.0), com.compuware.jenkins:compuware-scm-downloader (>=1.6 <=2.0.5) +105 more potentially affected by CVE-2023-40338 via org.jenkins-ci.plugins:cloudbees-folder (>=4.0 <=6.815.v0dd5a_cb_40e0e)

org.jenkins-ci.plugins:cloudbees-folder MAVEN version =4.0, =2.33.0, =1.6, =1.8, =1.0.2, =1.0.0, =2.0.0, =0.4, =1.0, =7.5.7, =0.9.1, =1.0-alpha-1, =1.27.19, =1.27.25 and more Source cves: CVE-2023-40338 Source advisory: OSV:GHSA-36HQ-V2FC-RPQP...

4.3CVSS5.8AI score0.00533EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/05/16 6:30 p.m.80 views

Jenkins HashiCorp Vault Plugin has improper masking of credentials

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials printed in the build log from Pipeline steps like sh and bat, when both of the following conditions are met: - The credentials are printed in build steps executing on an...

7.5CVSS6.6AI score0.00601EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/05/16 4:0 p.m.41 views

CVE-2023-33001

Jenkins HashiCorp Vault Plugin 360.v0a1c04cf807d and earlier does not properly mask i.e., replace with asterisks credentials in the build log when push mode for durable task logging is enabled...

7.7AI score0.00601EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 4:0 p.m.72 views

CVE-2023-33001

CVE-2023-33001 affects Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier. The issue is that credentials are not properly masked in build logs when push mode for durable task logging is enabled, exposing sensitive data and harming confidentiality. Root cause: inadequate masking in logs...

7.5CVSS7.5AI score0.00601EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.7 views

Jenkins HashiCorp Vault Plugin 日志信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

7.5CVSS7.3AI score0.00601EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.24 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.15 Multiple Vulnerabilities (CloudBees Security Advisory 2023-04-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.15. It is, therefore, affected by multiple vulnerabilities including the following: - Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask i.e....

8.8CVSS5.9AI score0.0078EPSS
Exploits0References21
Rows per page
Query Builder