16 matches found

NVD
added 2026/05/22 7:17 p.m. · 7 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

CVSS 6.5 · EPSS 0.00031
Exploits 0 · References 2

Cvelist
added 2026/05/22 6:43 p.m. · 8 views

CVE-2026-39969 TypeBot: WhatsApp Webhook Endpoint Missing Signature Verification

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

CVSS 6.5 · EPSS 0.00031
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 9:15 a.m. · 6 views

CVE-2019-10312

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...

CVSS 4.3 · AI score 6.4 · EPSS 0.00033
Exploits 0 · References 1

Github Security Blog
added 2022/05/24 5:22 p.m. · 23 views

CSRF vulnerability in Jenkins Fortify on Demand Plugin

A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This form validation method requires appropriate permission in Fortify on...

CVSS 4.3 · AI score 4.9 · EPSS 0.00528
Exploits 0 · References 5 · Affected Software 1

Tenable Nessus
added 2022/01/21 12:00 a.m. · 47 views

Jenkins plugins Multiple Vulnerabilities (2022-01-12)

According to their self-reported version number, the version of Jenkins plugins running on the remote web server are Jenkins Active Directory Plugin prior to 2.25.1, Badge Plugin prior to 1.9.1, Bitbucket Branch Source Plugin prior to 746., Configuration as Code Plugin prior to 1.55.1, Conjur...

CVSS 9 · AI score 6.3 · EPSS 0.09789
Exploits 0 · References 25

Cvelist
added 2020/07/02 2:55 p.m. · 18 views

CVE-2020-2202

A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

AI score 4.4 · EPSS 0.00031
Exploits 0 · References 2

Prion
added 2020/05/06 1:15 p.m. · 16 views

Design/Logic Flaw

A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

CVSS 4 · AI score 4.4 · EPSS 0.00031
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/02/12 3:15 p.m. · 17 views

CVE-2020-2118

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

CVSS 4.3 · AI score 6.4
Exploits 0 · References 2

Cvelist
added 2020/02/12 2:35 p.m. · 13 views

CVE-2020-2118

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

AI score 4.5 · EPSS 0.00031
Exploits 0 · References 2

CVE
added 2019/10/23 12:45 p.m. · 80 views

CVE-2019-10470

CVE-2019-10470 affects the Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin. The vulnerability arises from a missing permission check in form-related methods, allowing users with Overall/Read access to enumerate credentials IDs stored in Jenkins. Impact is credential enumeration with partial co...

CVSS 6.5 · AI score 6.3 · EPSS 0.00048
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2019/10/16 12:00 a.m. · 6 views

PT-2019-11839 · Jenkins · Jenkins Google Kubernetes Engine Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Google Kubernetes Engine Plugin versions prior to 0.7.1 Description: A missing permission check in the Jenkins Google Kubernetes Engine Plugin allowed attackers with Overall/Read permission to obtain limited information about the scop...

CVSS 4.3 · AI score 4.2 · EPSS 0.00031
Exploits 0 · References 6

OSV
added 2019/08/07 3:15 p.m. · 8 views

CVE-2019-10386

A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...

CVSS 8.8 · AI score 6.5
Exploits 0 · References 2

NVD
added 2019/05/31 3:29 p.m. · 10 views

CVE-2019-10323

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...

CVSS 4.3 · AI score 4.5 · EPSS 0.00214
Exploits 1 · References 4

NVD
added 2018/08/01 1:29 p.m. · 9 views

CVE-2018-1999030

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known...

CVSS 5.4 · AI score 5.3 · EPSS 0.00035
Exploits 0 · References 1

OSV
added 2018/08/01 1:29 p.m. · 3 views

CVE-2018-1999030

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known...

CVSS 5.4 · AI score 5.8 · EPSS 0.00035
Exploits 0 · References 1

CVE
added 2018/08/01 1:00 p.m. · 46 views

CVE-2018-1999028

CVE-2018-1999028 affects Jenkins CloudBees Accurev Plugin (0.7.16 and earlier) via AccurevSCM.java, where a flaw allows capturing credentials stored in Jenkins using a known credential ID. Technical details in connected records confirm the vulnerability, its impact on credentials, and that remedi...

CVSS 8.8 · AI score 8.4 · EPSS 0.00107
Exploits 0 · References 1 · Affected Software 1