196 matches found

CNVD · added 2019/08/15 12:00 a.m. · 2 views

CloudBees Jenkins Gitlab Authentication Plugin Authorization Issues Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. An authorization issue vulnerability exists in the CloudBees Jenkins Gitlab Authentication Plugin, which can be exploited by an unauthorized attacker to impersonate...

CVSS 7.5 · AI score 6.8 · EPSS 0.01306 · Exploits 0 · References 1
OSV · added 2019/08/07 3:15 p.m. · 15 views

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login...

CVSS 6.1 · AI score 6.6 · Exploits 0 · References 2
OSV · added 2019/08/07 3:15 p.m. · 15 views

CVE-2019-10371

A session fixation vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

CVSS 7.5 · AI score 6.7 · Exploits 0 · References 2
Cvelist · added 2019/08/07 2:20 p.m. · 25 views

CVE-2019-10372

An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login...

AI score 6.2 · EPSS 0.00965 · Exploits 0 · References 2
CVE · added 2019/08/07 2:20 p.m. · 60 views

CVE-2019-10371

CVE-2019-10371 describes a session fixation vulnerability in Jenkins Gitlab Authentication Plugin versions 1.4 and earlier, arising from GitLabSecurityRealm.java, that allows an attacker who can control the pre-authentication session to impersonate another user. Affected software: Jenkins Gitlab A...

CVSS 7.5 · AI score 7.4 · EPSS 0.01306 · Exploits 0 · References 2 · Affected Software 1
CVE · added 2019/08/07 2:20 p.m. · 75 views

CVE-2019-10372

The CVE-2019-10372 issue affects Jenkins with the Gitlab Authentication Plugin (version 1.4 and earlier). The root cause is in GitLabSecurityRealm.java, where the plugin redirects users to a URL outside Jenkins after successful login, enabling an open redirect. Public sources in the connected doc...

CVSS 6.1 · AI score 6.1 · EPSS 0.00965 · Exploits 0 · References 2 · Affected Software 1
Tenable Nessus · added 2019/05/31 12:00 a.m. · 27 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:1381-1)

This update for rmt-server to version 2.1.4 fixes the following issues: fix duplicate nginx location in rmt-server-pubcloud (bsc#1135222); mirror additional repos that were enabled during mirroring (bsc#1132690); make service IDs consistent across different RMT instances (bsc#1134428); make SMT data import...

CVSS 9.8 · AI score 7.2 · EPSS 0.08671 · Exploits 3 · References 17
NVD · added 2019/05/21 1:29 p.m. · 17 views

CVE-2019-10319

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1, in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...

CVSS 4.3 · AI score 4.4 · EPSS 0.00786 · Exploits 0 · References 2
Prion · added 2019/05/21 1:29 p.m. · 10 views

Information disclosure

A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1, in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...

CVSS 4 · AI score 4.4 · EPSS 0.00786 · Exploits 0 · References 2 · Affected Software 1
CVE · added 2019/05/21 1:00 p.m. · 49 views

CVE-2019-10319

CVE-2019-10319 affects Jenkins PAM Authentication Plugin (versions 1.5 and earlier, except 1.4.1). The root cause is a missing permission check in PamSecurityRealm.doTest, which allowed users with Overall/Read permission to view limited information about /etc/shadow and the user Jenkins runs as. ...

CVSS 4.3 · AI score 4.3 · EPSS 0.00786 · Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2019/05/21 12:00 a.m. · 3 views

PT-2019-11721 · Jenkins · Jenkins Pam Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins PAM Authentication Plugin versions 1.5 and earlier, except version 1.4.1. Description: A missing permission check in the PamSecurityRealm.DescriptorImpl#doTest function allowed users with Overall/Read permission to obtain limited...

CVSS 4.3 · AI score 4.2 · EPSS 0.00786 · Exploits 0 · References 4
CVE · added 2019/04/30 12:25 p.m. · 54 views

CVE-2019-10315

CVE-2019-10315: Jenkins GitHub Authentication Plugin versions 0.31 and earlier did not validate the OAuth state parameter, enabling CSRF exposure. Exploitation could allow an attacker to capture the OAuth redirect URL and, if the victim is already authenticated in Jenkins, attach the victim's Je...

CVSS 8.8 · AI score 8.7 · EPSS 0.02125 · Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2019/04/04 12:00 a.m. · 3 views

PT-2019-11682 · Jenkins · Jenkins Assembla Auth Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Assembla Auth Plugin, affected versions not specified. Description: The issue concerns the storage of credentials in an unencrypted manner in the global config.xml configuration file on the Jenkins master. This allows users with access ...

CVSS 8.8 · AI score 8.4 · EPSS 0.01773 · Exploits 0 · References 5
CNVD · added 2019/02/12 12:00 a.m. · 1 views

CloudBees Jenkins GitHub Authentication Plugin Session Fixation Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. GitHub Authentication Plugin is used in it, which ...

CVSS 5.9 · AI score 7 · EPSS 0.00852 · Exploits 0 · References 1
NVD · added 2019/02/06 4:29 p.m. · 13 views

CVE-2019-1003021

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or to control the browser (e.g. via a malicious extension), to retrieve t...

CVSS 4.3 · AI score 4.5 · EPSS 0.01131 · Exploits 0 · References 1
Prion · added 2019/02/06 4:29 p.m. · 14 views

Session fixation

A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

CVSS 4.3 · AI score 5.7 · EPSS 0.00852 · Exploits 0 · References 1 · Affected Software 1
Prion · added 2019/02/06 4:29 p.m. · 11 views

Design/Logic Flaw

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or to control the browser (e.g. via a malicious extension), to retrieve t...

CVSS 4.3 · AI score 4.5 · EPSS 0.01131 · Exploits 0 · References 1 · Affected Software 1
OSV · added 2019/02/06 4:29 p.m. · 13 views

CVE-2019-1003018

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or to control the browser (e.g. via a malicious extension), to retrieve the...

CVSS 4.3 · AI score 6.3 · Exploits 0 · References 1
CVE · added 2019/02/06 4:00 p.m. · 55 views

CVE-2019-1003018

CVE-2019-1003018 affects Jenkins GitHub Authentication Plugin 0.29 and earlier. The vulnerability lies in GithubSecurityRealm/config.jelly, allowing an attacker who can view a Jenkins administrator's browser output (or influence the browser via a malicious extension) to retrieve the configured cl...

CVSS 4.3 · AI score 4.4 · EPSS 0.01131 · Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2019/02/06 4:00 p.m. · 14 views

CVE-2019-1003018

An exposure of sensitive information vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or to control the browser (e.g. via a malicious extension), to retrieve the...

AI score 4.4 · EPSS 0.01131 · Exploits 0 · References 1