CVE-2019-10446

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

Jenkins plugin Cadence vManager 跨站请求伪造漏洞

Jenkins and Jenkins plugin are both Jenkins open source products.Jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins plugin is an application software plugin. A security vulnerability...

PT-2025-21240 · Jenkins · Jenkins Cadence Vmanager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a 740b a 48 and earlier Description: The issue is related to missing permission checks in the Jenkins Cadence vManager Plugin, which allows attackers with Overall/Read permission to...

GHSA-X9HJ-Q7XV-FV4V Jenkins Cadence vManager Plugin Stores Verisium Manager vAPI keys Unencrypted

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins...

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

GHSA-V46Q-XJP5-7P6R Stored XSS vulnerability in Jenkins Cadence vManager Plugin

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission. Cadence vManager Plugin 3.0.5 removes affected tooltips...

Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification

Jenkins Cadence vManager Plugin prior to version 2.7.1 disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This issue is patched in 2.7.1...

CloudBees Jenkins XSS Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An XSS vulnerability exists i...

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

CloudBees Jenkins Cadence vManager Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version of the release/test project and some timed execution of the task . Cadence vManager Plugin is use...

CVE-2019-10446

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

Design/Logic Flaw

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...