20 matches found
EUVD-2025-177775
Malicious code in mongodb-cz-conventional-changelog-rollup-plugin-biosignature npm...
EUVD-2022-4330
Malicious code in bioql PyPI...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
RHEL 7 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default CVE-2018-10871 Note tha...
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...
GHSA-H27G-72MH-9M33 Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...
Stored XSS vulnerability in Jenkins Git Changelog Plugin
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
GHSA-JCMG-9RW5-9RM2 Stored XSS vulnerability in Jenkins Git Changelog Plugin
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
Unspecified Vulnerability in CloudBees Jenkins Git Changelog Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Git Changelog Plugin is used in one of the Git...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11808 · Jenkins · Jenkins Git Changelog Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Changelog Plugin versions 2.17 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, MediaWiki and Jira passwords...
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
389-ds-base security, bug fix, and enhancement update
1.3.8.4-15 - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch 1.3.8.4-14 - Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack 1.3.8.4-13 - Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in deletepasswdPolicy when...