48 matches found
GHSA-R9XC-54CQ-99R7 Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Skytap Cloud CI Plugin stored credentials in plain text
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
GHSA-3FRC-879C-J9H5 Jenkins Caliper CI Plugin stores credentials in plain text
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
Jenkins Caliper CI Plugin stores credentials in plain text
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.7 <=1.8), com.dubture.jenkins:digitalocean-plugin (>=0.1 <=0.2) +39 more potentially affected by CVE-2014-2058 via org.jenkins-ci.main:jenkins-core (>=1.533 <=1.550)
org.jenkins-ci.main:jenkins-core MAVEN version =1.533, =1.7, =0.1, =1.53, =1.0.0, =0.1, =1.533, =1.533, =1.533, =1.533, =0.1.3, =0.1.5 and more Source cves: CVE-2014-2058 Source advisory: OSV:GHSA-7FPG-PP3M-H22F...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +698 more potentially affected by CVE-2012-6073 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.480)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.9, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.17 and more Source cves: CVE-2012-6073 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9404543...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5317 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5317 Source advisory: OSV:GHSA-8PQX-3RXX-F5PM...
@amphro/streamer (>=0.0.0 <=1.0.1), @appirio/demo-scoped-pkg (>=2.4.1 <=2.8.0) +297 more potentially affected by CVE-2020-7777 via jsen (>=0.1.2 <=0.6.6)
jsen NPM version =0.1.2, =0.0.0, =2.4.1, =0.5.9, =0.1.0, =1.0.0, =0.6.9, =1.0.0, =1.0.0, =1.0.0, =2.2.3, =0.0.1, =0.1.0, =0.0.7, =1.4.0, =13.6.18 and more Source cves: CVE-2020-7777 Source advisory: SNYK:JS-JSEN-1014670...
CVE-2020-2157
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...
CVE-2020-2157
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure...
CVE-2020-2157
CVE-2020-2157 affects Jenkins Skytap Cloud CI Plugin, versions 2.07 and earlier. The underlying issue is that credentials are transmitted in plain text as part of job configuration forms, while stored encrypted on disk in config.xml. This can lead to exposure, e.g., to users with Extended Read pe...
PT-2020-15375 · Jenkins · Jenkins Skytap Cloud Ci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Skytap Cloud CI Plugin versions 2.07 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. The credentials are...
CVE-2012-4441
Cross-site Scripting XSS in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10450
The CVE-2019-10450 entry concerns the Jenkins ElasticBox CI Plugin, which stores credentials unencrypted in the global config.xml on the Jenkins master. The underlying issue is the plaintext storage of sensitive information in the master configuration, enabling any user with master filesystem acc...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
PT-2019-11844 · Jenkins · Jenkins Elasticbox Ci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox CI Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...
CloudBees Jenkins Skytap Cloud CI Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Skytap Cloud CI Plugin is used in one of the plug-in for...
CVE-2019-10366
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...