35 matches found
CVE-2018-1000149
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that...
EUVD-2023-1512
Malicious code in bioql PyPI...
EUVD-2022-2880
Malicious code in bioql PyPI...
EUVD-2023-1458
Malicious code in bioql PyPI...
EUVD-2022-2077
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-25635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collector is not happening after playbook run is completed. Files would rema...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2020-2310
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
GHSA-38HW-368M-7JMG Jenkins Ansible Plugin stores and displays secrets in plain text
Jenkins Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551ebf and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as par...
Jenkins Ansible Plugin job configuration form does not mask variables
Jenkins Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551ebf and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as par...
GHSA-97WP-63WQ-HFWH Jenkins Ansible Plugin job configuration form does not mask variables
Jenkins Ansible Plugin allows the specification of extra variables that can be passed to Ansible. These extra variables are commonly used to pass secrets. Ansible Plugin 204.v8191fd551ebf and earlier stores these extra variables unencrypted in job config.xml files on the Jenkins controller as par...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-32983
CVE-2023-32983 affects the Jenkins Ansible Plugin up to 204.v8191fd551eb_f. The root cause is that the plugin does not mask extra variables on the job configuration form and stores these variables unencrypted in config.xml, allowing users with read access or file-system access to observe them. Re...
CVE-2023-32983
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them...
CVE-2023-32982
Jenkins Ansible Plugin 204.v8191fd551ebf and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
CVE-2023-32982
CVE-2023-32982 affects the Jenkins Ansible Plugin (versions including 204.v8191fd551eb_f and earlier). The underlying issue is that extra variables passed to Ansible were stored unencrypted in job config.xml on the Jenkins controller, allowing visibility to users with Item/Extended Read permissio...