PT-2022-18859 · Jenkins · Jenkins Tests Selector Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tests Selector Plugin version 1.3.3 and earlier Description: The issue allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. Recommendations: For Jenkins Tests Selector Plugin version 1.3.3 and...
Jenkins instant-messaging Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from unencrypted group chat passwords stored in the...
CVE-2022-27206
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27203
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller...
Jenkins incapptic connect uploader Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins incapptic connect uploader Plug...
CVE-2022-25179
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier follows symbolic links to locations outside of the checkout directory for the configured SCM when reading files using the readTrusted step, allowing attackers able to configure Pipelines permission to read arbitrary files on the...
Jenkins Pipeline Code Injection Vulnerability
Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Pipeline Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier versions have a sandbox bypass vulnerability...
Jenkins Pipeline OS Command Injection Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline has a security vulnerability that can be exploited by an attacker to invoke arbitrary OS commands on the controller by crafting SCM content...
PT-2022-17128 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 20.2.34 and earlier Description: The issue allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system. This is due to the lack of sanitization of the...
Jenkins Pipeline Code Injection Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. A security vulnerability exists in the Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier versions, which can be exploited by an...
CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Jenkins Debian Package Builder Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-15857 · Jenkins · Jenkins Publish Over Ssh Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Publish Over SSH Plugin versions 1.22 and earlier Description: The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller. This can be viewed by users with access to the Jenkins...
PT-2022-15861 · Jenkins · Jenkins Debian Package Builder Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier Description: The issue allows agents to invoke command-line git at an attacker-specified path on the controller. This enables attackers who can control agent processes to invok...
jenkins: FilePath#mkdirs does not check permission to create parent directories
An incorrect permissions validation vulnerability was found in Jenkins. FilePath#mkdirs does not check permission to create parent directories, which may allow an attacker who controls the agent process to read and write arbitrary files on the Jenkins controller file system...
CVE-2021-21693
CVE-2021-21693 affects Jenkins FilePath handling. In affected versions (Jenkins 2.318 and earlier; LTS 2.303.2 and earlier), permission to create temporary files is checked after file creation. Remediation: upgrade to Jenkins 2.319 or LTS 2.303.3, which addresses this and related FilePath filteri...
CVE-2021-22779
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...
CVE-2021-21634
Jenkins Jabber XMPP notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables...