25 matches found

CVE
added 2019/02/06 4:0 p.m. · 47 views

CVE-2019-1003018

CVE-2019-1003018 affects Jenkins GitHub Authentication Plugin 0.29 and earlier. The vulnerability lies in GithubSecurityRealm/config.jelly, allowing an attacker who can view a Jenkins administrator’s browser output (or influence the browser via a malicious extension) to retrieve the configured cl...

CVSS 4.3 · AI score 4.4 · EPSS 0.00038
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2019/02/06 4:0 p.m. · 15 views

CVE-2019-1003019

A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session...

AI score 5.7 · EPSS 0.00032
Exploits: 0 · References: 1
Positive Technologies
added 2019/02/06 12:0 a.m. · 2 views

PT-2019-11317 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Authentication Plugin versions 0.29 and earlier

Description: A session fixation issue exists that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. This is due to a...

CVSS 5.9 · AI score 5.5 · EPSS 0.00032
Exploits: 0 · References: 6
Positive Technologies
added 2019/02/06 12:0 a.m. · 4 views

PT-2019-11316 · Jenkins · Jenkins Gitlab Authentication Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Authentication Plugin versions 0.29 and earlier

Description: An exposure of sensitive information issue exists that allows attackers, who can view a Jenkins administrator's web browser output or control the browser, to retrieve...

CVSS 4.3 · AI score 4.3 · EPSS 0.00038
Exploits: 0 · References: 6
Hacker One
added 2016/11/14 3:58 p.m. · 42 views

Udemy: Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com

Howdy, @udemy!

Summary:
=======
I am writing to inform you of a critical information disclosure bug via an exposed Jenkins dashboard located at https://jenkins101.udemy.com. Upon navigating to this address, I was asked to authenticate with my Github account. After authenticating, I was surprised ...

AI score 6.7
Exploits: 0