12 matches found

BDU FSTEC
added 2025/07/16 12:0 a.m. · 2 views

A vulnerability in the Nouvola DiveCloud plugin for the Jenkins automation server, related to the storage of keys in unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability in the Nouvola DiveCloud plugin for the Jenkins automation server lies in the storage of keys in unencrypted form in the config.xml file. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information...

CVSS 6.8 · AI score 5.4 · EPSS 0.00175
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/07/11 12:0 a.m. · 3 views

A vulnerability in the Applitools Eyes plugin for the Jenkins automation server, related to the storage of information in plaintext, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability in the Applitools Eyes plugin for the Jenkins automation server lies in the storage of information in plaintext in the config.xml configuration file. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the...

CVSS 6.8 · AI score 5.4 · EPSS 0.00197
Exploits: 0 · References: 2 · Affected Software: 1
RedhatCVE
added 2025/05/22 7:11 p.m. · 6 views

CVE-2021-21681

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVSS 5.5 · AI score 6.6 · EPSS 0.003
Exploits: 0 · References: 1
Positive Technologies
added 2022/09/21 12:0 a.m. · 4 views

PT-2022-25747 · Jenkins · Jenkins Build-Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Build-Publisher Plugin versions 1.22 and earlier

Description: The issue allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to...

CVSS 5.7 · AI score 5.4 · EPSS 0.01198
Exploits: 0 · References: 8
CNVD
added 2022/06/24 12:0 a.m. · 151 views

Jenkins Convertigo Mobile Platform Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Convertigo Mobile Platform Plug...

CVSS 6.5 · AI score 0.7 · EPSS 0.00647
Exploits: 0 · References: 1
OSV
added 2022/05/24 5:33 p.m. · 17 views

GHSA-CG4H-CFJP-H3X2 Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

CVSS 3.3 · AI score 6.4 · EPSS 0.01032
Exploits: 0 · References: 3
Github Security Blog
added 2022/05/13 1:1 a.m. · 36 views

Improper Input Validation in Jenkins

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 · AI score 4.1 · EPSS 0.18116
Exploits: 1 · References: 5 · Affected Software: 1
CNVD
added 2022/03/31 12:0 a.m. · 30 views

Jenkins Proxmox Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Proxmox Plugin 0.5.0 and earlier...

CVSS 6.5 · AI score 1.2 · EPSS 0.00887
Exploits: 0 · References: 1
CNVD
added 2021/09/01 12:0 a.m. · 23 views

CloudBees Jenkins Nomad Plugin Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is a Java-based continuous integration tool developed by CloudBees, Inc. An information disclosure vulnerability exists in CloudBees Jenkins Nomad Plugin 0.7.4 and prior versions. The vulnerability is caused by the program storing unencrypted Docker passwords in the...

CVSS 5.5 · AI score 0.4 · EPSS 0.003
Exploits: 0 · References: 1
NVD
added 2018/07/23 7:29 p.m. · 19 views

CVE-2018-1999001

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 · AI score 8.5 · EPSS 0.18116
Exploits: 1 · References: 2
OSV
added 2018/07/23 7:29 p.m. · 24 views

CVE-2018-1999001

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 · AI score 6.4
Exploits: 0 · References: 2
CERT
added 2004/04/19 12:0 a.m. · 17 views

BEA WebLogic Server stores database password in clear text in "config.xml"

Overview: WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file.

Description: BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...

AI score 6.7
Exploits: 0 · References: 5