76 matches found
GHSA-QQ38-MXPQ-RRPJ Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
GitLab Authentication Plugin 1.5 and earlier does not differentiate between user names and hierarchical group names when performing authorization. This allows an attacker with permissions to create groups in GitLab to gain the privileges granted to another user or group. GitLab Authentication...
br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2020-2136 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)
org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2020-2136 Source advisory: OSV:GHSA-6C7R-6P5M-CP82...
GHSA-3P8R-P4Q5-MC44 Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...
Jenkins GitLab Plugin missing permission checks
Jenkins GitLab Plugin did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored i...
GHSA-5PHJ-QV74-PV4W Missing permission check in Jenkins GitLab Plugin
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in GitLab Plugin 1.5.32 requires the appropriate...
CVE-2022-30955
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Information disclosure
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-30955
CVE-2022-30955 affects Jenkins GitLab Plugin (≤ 1.5.31). The issue is a missing permission check on an HTTP endpoint that allows users with Overall/Read to enumerate credentials IDs stored in Jenkins, exposing credential identifiers. The primary sources (NVD entry and related advisories) describe...
Jenkins GitLab Plugin 权限许可和访问控制问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins GitLab Plugin 1.5.31 and earli...
PT-2022-20410 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.31 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins due to a missing permission check in an HTTP endpoint...
Unspecified Vulnerability in CloudBees Jenkins Violation Comments to GitLab Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Violation Comments to GitLab Plugin is used in one of the ability to merge...
Unspecified Vulnerability in CloudBees Jenkins Violation Comments to GitLab Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees. The product is mainly used to monitor the continuous software version of the release/testing project and some timed tasks . Violation Comments to GitLab Plugin is used in one of the ability to merge...
CVE-2019-10429
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10416
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...