12 matches found
CVE-2018-1000610
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
Authorization
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
CVE-2019-10367
The CVE-2019-10367 entry concerns Jenkins Configuration as Code Plugin where Jenkins Configuration as Code Plugin 1.26 and earlier failed to properly mask certain values when logging the configuration being applied. This stems from an incomplete fix of CVE-2019-10343, not fully masking secrets in...
CloudBees Jenkins Configuration as Code plugin log information leakage vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Configuration as Code Plugin is used in which a Jenki...
Design/Logic Flaw
Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...
CVE-2019-10344
CVE-2019-10344 affects Jenkins Configuration as Code Plugin (versions 1.24 and earlier). The issue is missing permission checks on various HTTP endpoints, allowing users with Overall/Read access to access the generated schema and documentation for the plugin, which contains detailed information a...
CVE-2019-10363
The CVE-2019-10363 issue affects Jenkins Configuration as Code Plugin versions 1.24 and earlier, where the plugin did not reliably identify sensitive values in the YAML export as encrypted, enabling potential exposure of credentials. The root cause is tied to handling of the Secret type when expo...
CVE-2018-1000610
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords...
CVE-2018-1000610
The CVE-2018-1000610 entry concerns the Jenkins Configuration as Code Plugin (0.7-alpha and earlier). The vulnerability arises from insecure handling of passwords configured via the plugin, specifically in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurato...
CVE-2018-1000609
The CVE-2018-1000609 issue affects Jenkins Configuration as Code Plugin (0.7-alpha and earlier). The vulnerability arises from ConfigurationAsCode.java, allowing users with Overall/Read access to export the Jenkins YAML configuration, exposing sensitive information. Impact is exposure of configur...