64 matches found
PT-2023-6024 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: A cross-site request forgery CSRF vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored i...
PT-2023-6008 · Jenkins · Jenkins Fortify Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify Plugin versions 22.1.38 and earlier Description: A missing permission check in the Jenkins Fortify Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentia...
Jenkins Plugin Fortify 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Fortify Plugin stored credentials in plain text
Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission. Fortify Plugin 19.2.30 now encrypts the proxy server password...
Jenkins Fortify Plugin Path Traversal Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Fortify Plugin 20.2.34 and earlier versions are vulnerable to a path traversal vulnerability that stems from not...
GHSA-23H5-8PH6-7RFC Path traversal vulnerability in Jenkins Fortify Plugin
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, which are used to write to files inside build directories. This allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file...
Path traversal vulnerability in Jenkins Fortify Plugin
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, which are used to write to files inside build directories. This allows attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
Code injection
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
CVE-2022-25188
CVE-2022-25188 affects Jenkins Fortify Plugin 20.2.34 and earlier. The root cause is that the plugin does not sanitize the appName and appVersion parameters of its Pipeline steps, enabling attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller filesyst...
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllable by the attacker...
Jenkins 插件 路径遍历漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Fortify Plugin 20.2.34 and earlier versions are vulnerable to a path traversal vulnerability that stems from not...
CVE-2020-2202
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins...
CVE-2020-2202
CVE-2020-2202 affects CloudBees Jenkins Fortify on Demand Plugin versions 6.0.0 and earlier. A missing permission check in form-related methods allowed users with Overall/Read access to enumerate credentials IDs stored in Jenkins. The vulnerability could enable credential ID disclosure, which att...
FreeBSD : jenkins -- multiple vulnerabilities (a250539d-d1d4-4591-afd3-c8bdfac335d8)
Jenkins Security Advisory : DescriptionHigh SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...
CVE-2020-2107
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2107
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...