Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2023/09/22 11:54 a.m.31 views

CVE-2023-43494

A flaw was found in Jenkins weekly and LTS caused by not excluding sensitive build variables when filtering builds in the build history widget. By sending a specially crafted request, a remote, authenticated attacker could obtain values of sensitive variables used in builds and use this informati...

4.3CVSS4.9AI score0.03388EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/09/20 6:30 p.m.34 views

Jenkins does not exclude sensitive build variables from search

Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc. Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables...

4.3CVSS6.6AI score0.03388EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/09/20 5:15 p.m.25 views

CVE-2023-43494

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4.3CVSS6.5AI score0.03388EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/09/20 5:15 p.m.28 views

CVE-2023-43494

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4.3CVSS6.8AI score0.03388EPSS
Exploits0
Prion
Prion
added 2023/09/20 5:15 p.m.47 views

Code injection

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

4CVSS4.7AI score0.03388EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/20 4:6 p.m.41 views

CVE-2023-43494

Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...

5.1AI score0.03388EPSS
Exploits0References2
CVE
CVE
added 2023/09/20 4:6 p.m.151 views

CVE-2023-43494

CVE-2023-43494 affects Jenkins 2.50–2.423 and LTS 2.60.1–2.414.1, where sensitive build variables (e.g., password values) are not excluded from the build history search. An attacker with Item/Read permission can iteratively test characters to reveal sensitive variable values used in builds. Conne...

4.3CVSS4.6AI score0.03388EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/09/20 12:0 a.m.7 views

Jenkins Security Vulnerabilities

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from not excluding sensitive build variables such as password parameter...

4.3CVSS6.8AI score0.03388EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/20 12:0 a.m.4 views

PT-2023-28844 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.50 through 2.423 Jenkins LTS versions 2.60.1 through 2.414.1 Description: The issue allows attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characte...

4.3CVSS5.1AI score0.03388EPSS
Exploits0References15
OSV
OSV
added 2019/10/31 3:15 p.m.6 views

CVE-2019-18363

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances...

5.3CVSS6AI score0.00923EPSS
Exploits0References1
NVD
NVD
added 2019/10/31 3:15 p.m.19 views

CVE-2019-18363

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances...

5.3CVSS6.3AI score0.00923EPSS
Exploits0References1
Rows per page
Query Builder