11 matches found
EUVD-2022-3572
Malicious code in bioql PyPI...
Jenkins Crowd 2 Integration Plugin stored credentials in plain text
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
GHSA-CG6Q-GP23-VWX8 Jenkins Crowd 2 Integration Plugin stored credentials in plain text
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
CloudBees Jenkins Crowd 2 Integration Plugin Storing Credentials in Plain Text Format Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Crowd 2 Integration Plugin is used in which a Authentication Plugin. A...
CVE-2018-1000422
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
Design/Logic Flaw
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
CVE-2018-1000423
The CVE-2018-1000423 entry concerns Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier, where credentials used to connect to Crowd 2 are stored in the plugin and can be accessed if an attacker has local filesystem access. The affected components are CrowdSecurityRealm.java and CrowdConfiguratio...
CVE-2018-1000423
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...
CVE-2018-1000422
CVE-2018-1000422 affects Jenkins Crowd 2 Integration Plugin up to version 2.0.0. The vulnerability resides in CrowdSecurityRealm.java and enables an attacker to cause Jenkins to perform a connection test to an attacker‑specified server using attacker‑specified credentials and connection settings....
Atlassian Crowd 2.x < 2.11.0 Information Disclosure
Binary data 9903.prm...