The vulnerability of the software deployment plugin and the GLPI Inventory network is related to incorrect restrictions on the path to the restricted-access catalog, allowing attackers to gain access to protected information.

The vulnerability of the software deployment and GLPI Inventory network component relates to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain access to protected information...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1603 more potentially affected by CVE-2024-43045 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.452.3)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2024-43045 Source advisory: OSV:GHSA-8PV9-QH96-9HC6...

CVE-2022-34799

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin

AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output. This results in a reflected cross-site scripting XSS vulnerability. AWSEB Deployment Plugin 0.3.20 escapes the values printed as part of the affected form validation endpoints...

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2005 more potentially affected by CVE-2017-17383 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.9)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =0.9, =0.45 and more Source cves: CVE-2017-17383 Source advisory: OSV:GHSA-X3RC-CXV7-6XP6...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1487 more potentially affected by CVE-2016-0789 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.642.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.5.0, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2016-0789 Source advisory: OSV:GHSA-8P3C-M625-WH83...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)

org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5317 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5317 Source advisory: OSV:GHSA-8PQX-3RXX-F5PM...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-5321 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.625.1)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-5321 Source advisory: SNYK:JAVA-ORGJENKINSCIMAIN-9404329...

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-1003011 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.5)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-1003011 Source advisory: OSV:GHSA-23H9-M55M-C5JP...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1572 more potentially affected by CVE-2018-1999004 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.12)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1999004 Source advisory: OSV:GHSA-WMR8-25FF-GGPJ...

CloudBees Jenkins AWSEB Deployment Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A cross-site scripting...

CVE-2020-2174

Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...

Cross site scripting

Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...

CVE-2020-2174

Summary (CVE-2020-2174, Jenkins AWSEB Deployment Plugin): Versions 0.3.19 and earlier are vulnerable to a reflected XSS due to input values used in form validation output not being escaped. This is achieved via unescaped user-supplied data reflected in the browser, enabling script execution in a ...

Cross-site Scripting

Jenkins AWSEB Deployment Plugin does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...

CloudBees Jenkins BMC Release Package and Deployment Plugin Code Execution Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . A security vulnerability exis...

CloudBees Jenkins VS Team Services Continuous Deployment Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . VS Team Services Continuous Deployment Plugin...