5 matches found
EUVD-2022-5444
Malicious code in bioql PyPI...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the global configuration form, where the AWS Secret Key is not properly masked. An attacker can obtain sensitive credentials by viewing the configuration interface. Remediation: There is no fixed...
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied...
PT-2023-24115 · Jenkins · Jenkins Ansible Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 204.v8191fd551eb f and earlier Description: The issue concerns the storage of extra variables, often used to pass secrets, in an unencrypted manner in job config.xml files on the Jenkins controller. These...
PT-2023-22751 · Jenkins · Jenkins Report Portal Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Report Portal Plugin versions 0.5 and earlier Description: The Jenkins Report Portal Plugin stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These tokens can...