168 matches found
Jenkins Enterprise and Operations Center 2.303.x < 2.303.30.0.15 / 2.346.2.3 Multiple Vulnerabilities (CloudBees Security Advisory 2022-07-27)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.303.x prior to 2.303.30.0.15, or 2.x prior to 2.346.2.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A cross-site request forgery (CSRF) vulnerability in Jenki...
CVE-2022-38663
A flaw was found in the Jenkins Git plugin. The Git Plugin does not properly mask the credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding. Usernames are masked instead of passwords in cases when usernames are not set to be treated as secr...
Improper masking of credentials in Jenkins Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-38663 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-38663 Source advisory: OSV:GHSA-JXMW-3GXF-FPRH...
GHSA-JXMW-3GXF-FPRH Improper masking of credentials in Jenkins Git Plugin
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
Default credentials
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
CVE-2022-38663
Affected software: Jenkins Git Plugin (versions 4.11.4 and earlier). Vulnerability: Credentials bound via Git Username and Password (gitUsernamePassword) are not properly masked in the build log, potentially exposing sensitive data. Root cause: Improper handling/masking of credentials in the plug...
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (gitUsernamePassword) credentials binding...
CVE-2022-36884
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers with information about the existence of jobs configured to use an attacker-specified Git repository...
CVE-2022-36883
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit...
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
GHSA-8XWJ-2WGH-GPRH Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
GHSA-449W-C77C-VMF6 Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
GHSA-V878-67XW-GRW2 Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2022-36884 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2022-36884 Source advisory: OSV:GHSA-449W-C77C-VMF6...