16 matches found
EUVD-2022-4330
Malicious code in bioql PyPI...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...
GHSA-H27G-72MH-9M33 Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Git Changelog Plugin now stores these passwords encrypte...
Stored XSS vulnerability in Jenkins Git Changelog Plugin
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
GHSA-JCMG-9RW5-9RM2 Stored XSS vulnerability in Jenkins Git Changelog Plugin
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
Unspecified Vulnerability in CloudBees Jenkins Git Changelog Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Git Changelog Plugin is used in one of the Git...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11808 · Jenkins · Jenkins Git Changelog Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Changelog Plugin versions 2.17 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, MediaWiki and Jira passwords...
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin
CVE-2018-1000426
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attacke...