5 matches found
CVE-2019-1003055
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CloudBees Jenkins FTP publisher Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . FTP publisher Plugin is used in one of...
CloudBees Jenkins FTP publisher Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . FTP publisher Plugin is used in one of...
CVE-2019-1003059
The CVE-2019-1003059 entry concerns Jenkins FTP Publisher Plugin. The vulnerability is a missing permission check in FTPPublisher.DescriptorImpl#doLoginCheck, which allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. Affected component is the Je...
CVE-2019-1003058
CVE-2019-1003058 describes a Cross-Site Request Forgery vulnerability in the Jenkins FTP Publisher Plugin, specifically in FTPPublisher.DescriptorImpl#doLoginCheck. The flaw allows an attacker to induce the Jenkins server to initiate a connection to an attacker-specified server. The linked connec...