73 matches found
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
EUVD-2022-4004
Malicious code in bioql PyPI...
CVE-2021-21662
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
CVE-2021-21665
A cross-site request forgery CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
CVE-2019-10305
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-10296
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10304
A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
com.amazonaws:codedeploy (=1.15), com.aspectsecurity.automationservices.plugins.jenkins:ibm-security-appscansource-scanner (>=1.0.3 <=1.0.5) +332 more potentially affected by CVE-2014-3667 via org.jenkins-ci.main:jenkins-core (>=1.566 <=1.582)
org.jenkins-ci.main:jenkins-core MAVEN version =1.566, =1.0.3, =1.0.0, =2.2.0, =2.0, =8.5.0, =1.2, =1.29, =1.0, =1.0, =1.00, =1.2 and more Source cves: CVE-2014-3667 Source advisory: OSV:GHSA-5XM3-48V5-6H7V...
Jenkins Octopus Deploy Plugin stores credentials in plain text
Jenkins Octopus Deploy Plugin stores credentials unencrypted in its global configuration file hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-RWRX-HRF2-V577 Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file com.urbancode.ds.jenkins.plugins.serenarapublisher.UrbanDeployPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file com.urbancode.ds.jenkins.plugins.serenarapublisher.UrbanDeployPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27210
A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27211
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkin...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...
Design/Logic Flaw
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller...