11 matches found
CVE-2023-43494
A flaw was found in Jenkins weekly and LTS caused by not excluding sensitive build variables when filtering builds in the build history widget. By sending a specially crafted request, a remote, authenticated attacker could obtain values of sensitive variables used in builds and use this informati...
Jenkins does not exclude sensitive build variables from search
Jenkins allows filtering builds in the build history widget by specifying an expression that searches for matching builds by name, description, parameter values, etc. Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables...
CVE-2023-43494
Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...
CVE-2023-43494
Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...
Code injection
Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...
CVE-2023-43494
Jenkins 2.50 through 2.423 both inclusive, LTS 2.60.1 through 2.414.1 both inclusive does not exclude sensitive build variables e.g., password parameter values from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in...
CVE-2023-43494
CVE-2023-43494 affects Jenkins 2.50–2.423 and LTS 2.60.1–2.414.1, where sensitive build variables (e.g., password values) are not excluded from the build history search. An attacker with Item/Read permission can iteratively test characters to reveal sensitive variable values used in builds. Conne...
Jenkins Security Vulnerabilities
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from not excluding sensitive build variables such as password parameter...
PT-2023-28844 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.50 through 2.423 Jenkins LTS versions 2.60.1 through 2.414.1 Description: The issue allows attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characte...
CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances...
CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances...