Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has a security vulnerability that stems from missing permission checks in Jenkins...

CloudBees Jenkins Serena SRA Deploy Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a suite of Java-based continuous integration tools from the US-based CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Serena SRA Deploy Plugin is used in which a plug-in for the deployme...

CVE-2019-10304

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...

CVE-2019-10304

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...

CVE-2019-10305

A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

CVE-2019-10304

A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server...

CVE-2019-10304

The CVE-2019-10304 issue affects Jenkins XebiaLabs XL Deploy Plugin. A CSRF vulnerability exists in the Credential#doValidateUserNamePassword form validation method that enables an attacker to initiate a connection to a server of the attacker’s choosing. Some connected sources also cite a missing...

CVE-2019-10305

The CVE-2019-10305 entry concerns Jenkins XebiaLabs XL Deploy Plugin. The vulnerability is a missing permission check in Credential#doValidateUserNamePassword form validation, which allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. This is des...

PT-2019-11707 · Jenkins · Jenkins Xebialabs Xl Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin affected versions not specified Description: A missing permission check in the CredentialdoValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connecti...

PT-2019-11706 · Jenkins · Jenkins Xebialabs Xl Deploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins XebiaLabs XL Deploy Plugin affected versions not specified Description: A cross-site request forgery issue in the CredentialdoValidateUserNamePassword form validation method allows attackers to initiate a connection to an...

CVE-2019-10296

Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10296

CVE-2019-10296 affects the Jenkins Serena SRA Deploy Plugin. The vulnerability arises from credentials being stored unencrypted in the plugin’s global configuration on the Jenkins master, specifically in the UrbanDeployPublisher.xml file, which can be read by anyone with access to the Jenkins con...

PT-2019-11698 · Jenkins · Jenkins Serena Sra Deploy Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Serena SRA Deploy Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file on the Jenkins master or controller. Specifically, the...