26 matches found
CVE-2019-10289
Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10291
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10290
A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpldoValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10289
A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpldoValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...
CVE-2019-10291
Summary (concrete details): CVE-2019-10291 concerns the Jenkins Netsparker Cloud Scan Plugin (version 1.1.5 and older) which stored credentials in plaintext in the Jenkins master/global configuration file, exposing them to anyone with file-system access. Related connected data show the Enterprise...
PT-2019-11692 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older Description: A missing permission check in the NCScanBuilder.DescriptorImpldoValidateAPI form validation method allows attackers with Overall/Read permission to initiate a connectio...