Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.7 views

CVE-2023-46652

A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins...

4.3CVSS6.4AI score0.00394EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/27 10:54 a.m.6 views

CVE-2025-30795 WordPress Automation By Autonami plugin <= 3.5.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through = 3.5.1...

4.7CVSS7.3AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2024/02/02 4:15 a.m.2 views

CVE-2023-38020

IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576...

4.3CVSS5.8AI score0.00379EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.21 views

Jenkins lambdatest-automation Plugin missing permission check

Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...

4.3CVSS6.7AI score0.00394EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.24 views

Jenkins lambdatest-automation Plugin may expose Credentials access token

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...

6.5CVSS7.1AI score0.00363EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/25 6:32 p.m.17 views

GHSA-VW64-G7C6-MM7G Jenkins lambdatest-automation Plugin missing permission check

Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...

4.3CVSS4.7AI score0.00394EPSS
Exploits0References4
OSV
OSV
added 2023/10/25 6:17 p.m.3 views

CVE-2023-46653

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...

6.5CVSS5.8AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/10/25 1:45 p.m.54 views

CVE-2023-46652

CVE-2023-46652 – Jenkins lambdatest-automation Plugin : The issue is a missing permission check on an HTTP endpoint in versions 1.20.9 and earlier, allowing users with Overall/Read to enumerate LAMBDATEST credentials IDs stored in Jenkins. This can facilitate credential access via a separate vuln...

4.3CVSS4.4AI score0.00394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/25 1:45 p.m.22 views

CVE-2023-46653

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...

7AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/10/25 1:45 p.m.58 views

CVE-2023-46653

CVE-2023-46653 affects the Jenkins lambdatest-automation Plugin, with versions ≤ 1.20.10, where the plugin logs the LAMBDATEST Credentials access token at INFO level. This could lead to token exposure via default system logs. Root cause (as reported): sensitive credentials are logged; impact is e...

6.5CVSS6.4AI score0.00363EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.6 views

PT-2023-30143 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins lambdatest-automation Plugin versions 1.20.9 and earlier Description: A missing permission check in the Jenkins lambdatest-automation Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST...

4.3CVSS4.2AI score0.00394EPSS
Exploits0References7
OSV
OSV
added 2022/05/24 5:6 p.m.19 views

GHSA-X23M-8C2H-6WG7 Redgate SQL Change Automation Plugin stored credentials in plain text

Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...

4.3CVSS4.9AI score0.00855EPSS
Exploits0References4
CVE
CVE
added 2020/01/15 3:15 p.m.65 views

CVE-2020-2095

CVE-2020-2095 affects the Jenkins Redgate SQL Change Automation Plugin (versions 2.0.4 and earlier). The vulnerability arises because an API key is stored unencrypted in job config.xml files on the Jenkins master, allowing viewing by users with Extended Read permission or access to the master fil...

4.3CVSS4.9AI score0.00855EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/15 3:15 p.m.29 views

CVE-2020-2095

Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...

4.9AI score0.00855EPSS
Exploits0References1
NVD
NVD
added 2019/12/17 3:15 p.m.28 views

CVE-2019-16557

Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.7AI score0.00852EPSS
Exploits0References2
CVE
CVE
added 2019/12/17 2:40 p.m.70 views

CVE-2019-16557

Summary: CVE-2019-16557 affects Jenkins with the Redgate SQL Change Automation Plugin 2.0.3 and earlier. The issue is that credentials are stored unencrypted in job config.xml files on the Jenkins master, enabling exposure to anyone with Extended Read permissions or access to the master filesyste...

6.5CVSS6.6AI score0.00852EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/10/14 12:0 a.m.6 views

CloudBees Jenkins VMware vRealize Automation Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of U.S. CloudBees company based on Java development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed execution of the task . VMware vRealize Automation Plugin is us...

8.8CVSS7AI score0.01365EPSS
Exploits0References1
NVD
NVD
added 2019/04/04 4:29 p.m.23 views

CVE-2019-1003068

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS8.7AI score0.01365EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2019/04/04 3:38 p.m.24 views

CVE-2019-1003068

Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS3.9AI score0.01365EPSS
Exploits0References3
Rows per page
Query Builder