
145 matches found

CVE
added 2023/02/15 12:00 a.m., 98 views

CVE-2023-25767

CVE-2023-25767 is a CSRF vulnerability affecting Jenkins Azure Credentials Plugin in versions up to 253.v887e0f9e898b and earlier. The Red Hat and OSV entries confirm the flaw permits an attacker to trigger actions that cause the Jenkins client to connect to an attacker-controlled web server, due...

CVSS 8.8, AI score 8.6, EPSS 0.00455
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2023/02/15 12:00 a.m., 9 views

CVE-2023-25768

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server...

AI score 6.3, EPSS 0.00639
Exploits 0, References 2
Tenable Nessus
added 2023/02/15 12:00 a.m., 49 views

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.9 Multiple Vulnerabilities (CloudBees Security Advisory 2023-02-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.9. It is, therefore, affected by multiple vulnerabilities including the following: - CSRF vulnerability and missing permission checks in Synopsys Coverity Plugin allow...

CVSS 9.9, AI score 6.1, EPSS 0.814
Exploits 0, References 12
Cvelist
added 2023/02/15 12:00 a.m., 41 views

CVE-2023-25767

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server...

AI score 8.9, EPSS 0.00455
Exploits 0, References 2
OSV
added 2022/10/19 7:00 p.m., 29 views

GHSA-35RX-7PC8-6963 API keys stored in plain text by Jenkins Katalon Plugin

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon Plugin 1.0.33 no...

CVSS 4.3, AI score 6.6, EPSS 0.00668
Exploits 0, References 6
Github Security Blog
added 2022/10/19 7:00 p.m., 23 views

API keys stored in plain text by Jenkins Katalon Plugin

Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Katalon Plugin 1.0.33 no...

CVSS 6.5, AI score 6.1, EPSS 0.00668
Exploits 0, References 6, Affected Software 1
Check Point Advisories
added 2022/07/11 12:00 a.m., 4 views

Jenkins Credentials Plugin Cross-site Scripting (CVE-2022-29036)

A cross-site scripting vulnerability exists in Jenkins Credentials Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVSS 3.5, AI score 4.9, EPSS 0.7855
Exploits 0
RedHat Linux
added 2022/06/17 5:40 a.m., 4 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4, AI score 5.7, EPSS 0.7855
Exploits 0, References 5
RedHat Linux
added 2022/05/31 5:45 a.m., 3 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4, AI score 5.7, EPSS 0.7855
Exploits 0, References 5
Github Security Blog
added 2022/05/24 5:10 p.m., 22 views

Credentials stored in plain text by Zephyr Enterprise Test Management Plugin

Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml. This password can be viewed by users with access to the Jenkins controller file system. Zephyr Enterprise Test...

CVSS 5.5, AI score 5.6, EPSS 0.0033
Exploits 0, References 4, Affected Software 1
OSV
added 2022/05/24 5:10 p.m., 19 views

GHSA-XV58-GP43-6M76 Credentials stored in plain text by Zephyr Enterprise Test Management Plugin

Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml. This password can be viewed by users with access to the Jenkins controller file system. Zephyr Enterprise Test...

CVSS 3.3, AI score 5.4, EPSS 0.0033
Exploits 0, References 4
OSV
added 2022/05/24 4:58 p.m., 1 view

GHSA-8QH4-FGHR-6FXG Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin

An arbitrary file read vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and earlier allowed attackers able to configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master...

CVSS 6.5, AI score 6, EPSS 0.00989
Exploits 0, References 4
OSV
added 2022/05/24 4:46 p.m., 2 views

GHSA-XM94-9JW8-P6HW Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS12 certificate...

CVSS 4.3, AI score 6.3, EPSS 0.00969
Exploits 0, References 9
Tenable Nessus
added 2022/05/23 12:00 a.m., 38 views

Jenkins Enterprise and Operations Center 2.277.x < 2.277.43.0.8 / 2.303.x < 2.303.30.0.7 / 2.332.1.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-03-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.8, 2.303.x prior to 2.303.30.0.7, or 2.x prior to 2.332.1.5. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forge...

CVSS 8.8, AI score 6.1, EPSS 0.01764
Exploits 0, References 25
RedHat Linux
added 2022/05/18 12:03 p.m., 3 views

credentials: Stored XSS vulnerabilities in jenkins plugin

A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...

CVSS 5.4, AI score 5.7, EPSS 0.7855
Exploits 0, References 5
OSV
added 2022/05/14 3:07 a.m., 2 views

GHSA-CWCF-5M5W-MQ2W Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin

An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

CVSS 6.5, AI score 6, EPSS 0.01013
Exploits 0, References 6
Github Security Blog
added 2022/05/14 12:58 a.m., 13 views

Jenkins Deploy to container Plugin stored plain text passwords in job configuration

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...

CVSS 5.5, AI score 6.3, EPSS 0.00374
Exploits 0, References 3, Affected Software 1
OSV
added 2022/05/14 12:58 a.m., 23 views

GHSA-3Q6P-R6RR-266X Jenkins Deploy to container Plugin stored plain text passwords in job configuration

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with...

CVSS 5.5, AI score 5.3, EPSS 0.00374
Exploits 0, References 2
Github Security Blog
added 2022/05/13 1:48 a.m., 16 views

Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password

An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. a malicious extension) to retrieve the configured password. IBM...

CVSS 7.2, AI score 3.5, EPSS 0.01012
Exploits 0, References 3, Affected Software 1
OSV
added 2022/05/13 1:48 a.m., 16 views

GHSA-5FQ9-X9F4-X2R2 Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password

An exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. a malicious extension) to retrieve the configured password. IBM...

CVSS 3.3, AI score 6.7, EPSS 0.01012
Exploits 0, References 3