INTERCEPT - Policy As Code Static Analysis Auditing
Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works ...
Shift Well-Architecture Left. By Extension, Security Will Follow
A story on how Infrastructure as Code can be your ally in Well-Architecting and securing your Cloud environment. By Raphael Bottino, Solutions Architect -- first posted as a Medium article. Using Infrastructure as Code (IaC for short) is the norm in the Cloud. CloudFormation, CDK, Terraform, Serverles...
CloudBees Jenkins Configuration as Code Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code Plugin Security Feature Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
Authorization
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
CVE-2019-10367
The CVE-2019-10367 entry concerns Jenkins Configuration as Code Plugin 1.26 and earlier, which failed to properly mask certain values when logging the configuration being applied. This stems from an incomplete fix of CVE-2019-10343, not fully masking secrets in...
PT-2019-11763 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.26 and earlier. Description: The issue arises from an incomplete fix that did not properly apply masking to some values expected to be hidden when logging the configuration being applied. This...
CloudBees Jenkins Configuration as Code Plugin Input Validation Error Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code Plugin Trust Issues Management Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code Plugin License Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
CloudBees Jenkins Configuration as Code plugin log information leakage vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Configuration as Code Plugin is used in which a Jenki...
Design/Logic Flaw
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
CVE-2019-10344
CVE-2019-10344 affects Jenkins Configuration as Code Plugin (versions 1.24 and earlier). The issue is missing permission checks on various HTTP endpoints, allowing users with Overall/Read access to access the generated schema and documentation for the plugin, which contains detailed information a...
CVE-2019-10362
CVE-2019-10362 relates to the Jenkins Configuration as Code Plugin (versions ≤ 1.24). The issue arises because values were not escaped, enabling variable interpolation during configuration export/import. As a result, users with permission to modify Jenkins system configuration could obtain the va...
CVE-2019-10363
The CVE-2019-10363 issue affects Jenkins Configuration as Code Plugin versions 1.24 and earlier, where the plugin did not reliably identify sensitive values in the YAML export as encrypted, enabling potential exposure of credentials. The root cause is tied to handling of the Secret type when expo...
PT-2019-11743 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier. Description: The issue concerns missing permission checks in various HTTP endpoints, allowing users with Overall/Read access to access the generated schema and documentation for t...
PT-2019-11759 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier. Description: The issue concerns the Jenkins Configuration as Code Plugin, which did not reliably identify sensitive values expected to be exported in their encrypted form...
PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier; Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0. Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...