19 matches found
CVE-2023-46652
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins...
CVE-2025-30795 WordPress Automation By Autonami plugin <= 3.5.1 - Open Redirection vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through = 3.5.1...
CVE-2023-38020
IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576...
Jenkins lambdatest-automation Plugin missing permission check
Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...
Jenkins lambdatest-automation Plugin may expose Credentials access token
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...
GHSA-VW64-G7C6-MM7G Jenkins lambdatest-automation Plugin missing permission check
Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...
CVE-2023-46653
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...
CVE-2023-46652
CVE-2023-46652 – Jenkins lambdatest-automation Plugin : The issue is a missing permission check on an HTTP endpoint in versions 1.20.9 and earlier, allowing users with Overall/Read to enumerate LAMBDATEST credentials IDs stored in Jenkins. This can facilitate credential access via a separate vuln...
CVE-2023-46653
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...
CVE-2023-46653
CVE-2023-46653 affects the Jenkins lambdatest-automation Plugin, with versions ≤ 1.20.10, where the plugin logs the LAMBDATEST Credentials access token at INFO level. This could lead to token exposure via default system logs. Root cause (as reported): sensitive credentials are logged; impact is e...
PT-2023-30143 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins lambdatest-automation Plugin versions 1.20.9 and earlier Description: A missing permission check in the Jenkins lambdatest-automation Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST...
GHSA-X23M-8C2H-6WG7 Redgate SQL Change Automation Plugin stored credentials in plain text
Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...
CVE-2020-2095
CVE-2020-2095 affects the Jenkins Redgate SQL Change Automation Plugin (versions 2.0.4 and earlier). The vulnerability arises because an API key is stored unencrypted in job config.xml files on the Jenkins master, allowing viewing by users with Extended Read permission or access to the master fil...
CVE-2020-2095
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-16557
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-16557
Summary: CVE-2019-16557 affects Jenkins with the Redgate SQL Change Automation Plugin 2.0.3 and earlier. The issue is that credentials are stored unencrypted in job config.xml files on the Jenkins master, enabling exposure to anyone with Extended Read permissions or access to the master filesyste...
CloudBees Jenkins VMware vRealize Automation Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of U.S. CloudBees company based on Java development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed execution of the task . VMware vRealize Automation Plugin is us...
CVE-2019-1003068
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-1003068
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...