77 matches found
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10415
CVE-2019-10415 affects Jenkins Violation Comments to GitLab Plugin, version 2.28 and earlier. The root issue is that API tokens/credentials were stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling viewing by users with access to the master filesystem. Impa...
CVE-2019-10416
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10416
Summary: CVE-2019-10416 affects the Jenkins Violation Comments to GitLab Plugin (version 2.28 and earlier). The underlying issue is storage of credentials in plaintext within job config.xml files on the Jenkins master, exposing tokens to users with Extended Read permission or anyone with access t...
PT-2019-11810 · Jenkins · Jenkins Violation Comments To Gitlab Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Violation Comments to GitLab Plugin version 2.28 and earlier Description: The issue concerns the storage of credentials in an unencrypted manner. Specifically, the Violation Comments to GitLab Plugin stored API tokens unencrypted in j...
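The three entries above (CVE-2019-10415, CVE-2019-10416 and PT-2019-11810) describe one root cause: an API token held in a plain `String` field, which XStream serialises verbatim into the plugin's global configuration file or a job's `config.xml`. The listing below is an added example, not code from the Violation Comments to GitLab Plugin or from Jenkins core, showing that field next to its `hudson.util.Secret` replacement. Class and field names are hypothetical; `GlobalConfiguration`, `Secret`, `@Extension` and `@DataBoundSetter` are standard Jenkins core APIs. The same field change applies to a `Builder` or `Publisher` whose state lands in job `config.xml`.

```java
import hudson.Extension;
import hudson.util.Secret;
import jenkins.model.GlobalConfiguration;
import org.kohsuke.stapler.DataBoundSetter;

// Added example, not the plugin's code. Two classes are shown side by side for
// comparison; in a real plugin each would live in its own source file.

// BEFORE: the pattern behind CVE-2019-10415. A plain String field is persisted by
// XStream exactly as typed, so $JENKINS_HOME/<fully.qualified.ClassName>.xml
// holds <gitlabApiToken>...</gitlabApiToken> in clear text for anyone who can
// read the controller file system.
@Extension
public class GitLabCommentsConfigVulnerable extends GlobalConfiguration {
    private String gitlabApiToken;  // hypothetical field name

    public GitLabCommentsConfigVulnerable() {
        load();  // reads the XML back, token included
    }

    public String getGitlabApiToken() {
        return gitlabApiToken;  // also echoed into config.jelly as plain text
    }

    @DataBoundSetter
    public void setGitlabApiToken(String gitlabApiToken) {
        this.gitlabApiToken = gitlabApiToken;
        save();
    }
}

// AFTER: the same field typed as hudson.util.Secret. Secret's XStream converter
// writes the value encrypted with the instance's master key, and the Jelly
// <f:password> control receives the encrypted form rather than the plain text.
@Extension
public class GitLabCommentsConfigHardened extends GlobalConfiguration {
    private Secret gitlabApiToken;  // hypothetical field name

    public GitLabCommentsConfigHardened() {
        load();
        // Migration: Secret.fromString() accepts a legacy plaintext value, so a
        // token left over from the String version still loads; saving once
        // re-writes the file with the encrypted form.
        if (gitlabApiToken != null) {
            save();
        }
    }

    // Expose the Secret, never the decrypted String, to the UI layer.
    public Secret getGitlabApiToken() {
        return gitlabApiToken;
    }

    @DataBoundSetter
    public void setGitlabApiToken(Secret gitlabApiToken) {
        this.gitlabApiToken = gitlabApiToken;
        save();
    }

    // Decrypt only at the point of use (the HTTP call to GitLab), on the controller.
    // Secret.toString(null) returns "", which the caller treats as "not configured".
    public String apiTokenPlainText() {
        return Secret.toString(gitlabApiToken);
    }
}
```

To check an instance, open the plugin's XML file under `$JENKINS_HOME` and the affected jobs' `config.xml`: a `Secret` field appears as a `{...}` ciphertext, a `String` field as the literal token. Extended Read matters for CVE-2019-10416 because it lets non-admins fetch a job's `config.xml` over HTTP, so a `String` field in a job step leaks to a wider audience than one in the global configuration file. Referencing a Credentials-plugin entry by ID instead of storing the token in the plugin at all is the stronger fix, but the `Secret` change is the minimum that stops the plaintext write.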
Open redirect
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login...
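As an added example for the open redirect above (not code from the Gitlab Authentication Plugin), the post-login redirect logic in the shape a reviewer would expect: the `from` value that rides through the login flow is used only if it is a relative URI inside this Jenkins, checked with `hudson.Util.isSafeToRedirectTo`, which is a Jenkins core method; the class name, the helper names and the `rootUrl` parameter (the value of `Jenkins.get().getRootUrl()`) are assumptions.

```java
import hudson.Util;

// Added example, not the plugin's code.
public final class PostLoginRedirect {
    private PostLoginRedirect() {}

    // BEFORE: the "from" parameter is used as the redirect target unchanged, so a
    // login link carrying from=https://evil.example sends the freshly authenticated
    // user off-site, with Jenkins as the trusted referrer.
    static String targetVulnerable(String from, String rootUrl) {
        return from != null ? from : rootUrl;
    }

    // AFTER: only a relative URI is honoured; absolute URLs and scheme-relative
    // "//host" forms fail Util.isSafeToRedirectTo and fall back to the root URL.
    static String targetHardened(String from, String rootUrl) {
        if (from != null && Util.isSafeToRedirectTo(from)) {
            return from;
        }
        return rootUrl;
    }
}
```

The caller passes the chosen string to `StaplerResponse.sendRedirect2`; the point is that the decision is made before the redirect, on the server, and that the fallback is the instance's own root URL rather than whatever the request supplied.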
Jenkins GitLab Plugin Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the testConnection functionality of the Jenkins GitLab Plugin 1.5.11. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of this plug...
Input validation
A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
CVE-2019-10301
A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...
Cross-site request forgery (CSRF)
A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10300
A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10300
The CVE-2019-10300 issue affects the Jenkins GitLab Plugin (v1.5.11 and earlier) in the GitLabConnectionConfig#doTestConnection form validation. The root cause is that the endpoint did not require a POST request, so a forged cross-site request could invoke it on behalf of a logged-in user (the companion CVE-2019-10301 covers the missing permission check on the same method), enabling an attacker with certain Jenkins privileges (e.g....
PT-2019-11702 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.11 and earlier Description: A cross-site request forgery issue exists due to insufficient permission checks and form validation in the GitLabConnectionConfig#doTestConnection method. This allows attackers to...
PT-2019-11703 · Jenkins · Jenkins Git Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Plugin versions 1.5.11 and earlier Description: A missing permission check in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified...
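Every doTestConnection entry above (the Talos information-disclosure write-up, CVE-2019-10300, CVE-2019-10301, PT-2019-11702 and PT-2019-11703) comes down to one form-validation method that any authenticated request could trigger. The listing below is an added example, not code from the GitLab Plugin or from Jenkins core: a method in the vulnerable shape (no POST requirement, so a cross-site form can fire it; no permission check, so Overall/Read suffices) next to the shape a reviewer expects, `@RequirePOST` plus a permission check scoped to where the form lives. Assumed names: the `GitLabConnectionDescriptorExample` class, the `lookupToken` helper standing in for a Credentials-plugin lookup, and the `/api/v4/user` probe URL; `FormValidation`, `@QueryParameter`, `@AncestorInPath`, `@RequirePOST`, `Jenkins.get()` (Jenkins 2.98+) and `Item.CONFIGURE` are standard Jenkins APIs.

```java
import hudson.model.Item;
import hudson.util.FormValidation;
import hudson.util.Secret;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

// Added example, not the plugin's code. Both methods are shown on one hypothetical
// descriptor for comparison; a real class would carry only the hardened one.
public class GitLabConnectionDescriptorExample {

    // Hypothetical stand-in for a Credentials-plugin lookup by ID. Returns null
    // when no credential with that ID is visible in the current context.
    private Secret lookupToken(String credentialsId) {
        return null;
    }

    // BEFORE: reachable by a plain GET with no permission check. Stapler maps a URL
    // such as /descriptorByName/<class>/testConnectionVulnerable?url=...&apiTokenId=...
    // to this method, so a user with Overall/Read, or a forged cross-site request
    // from a logged-in victim, makes Jenkins send the chosen credential to the chosen URL.
    public FormValidation doTestConnectionVulnerable(@QueryParameter String url,
                                                     @QueryParameter String apiTokenId) {
        Secret token = lookupToken(apiTokenId);
        if (token == null) {
            return FormValidation.error("No credential with ID " + apiTokenId);
        }
        return probe(url, Secret.toString(token));
    }

    // AFTER: POST only (Jenkins' crumb check then rejects forged requests) and a
    // permission check matching the form's context: Item.CONFIGURE inside a job,
    // Jenkins.ADMINISTER on the global configuration page.
    @RequirePOST
    public FormValidation doTestConnection(@AncestorInPath Item item,
                                           @QueryParameter String url,
                                           @QueryParameter String apiTokenId) {
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            item.checkPermission(Item.CONFIGURE);
        }
        Secret token = lookupToken(apiTokenId);
        if (token == null) {
            return FormValidation.error("No credential with ID " + apiTokenId);
        }
        return probe(url, Secret.toString(token));
    }

    // The probe is identical in both versions; it is what delivers the token to an
    // attacker-controlled host when the caller has not been authorised first.
    private FormValidation probe(String baseUrl, String token) {
        try {
            URL target = new URL(baseUrl.replaceAll("/+$", "") + "/api/v4/user");
            if (!"https".equals(target.getProtocol())) {
                return FormValidation.error("Refusing to send a token over " + target.getProtocol());
            }
            HttpURLConnection conn = (HttpURLConnection) target.openConnection();
            conn.setRequestMethod("GET");
            conn.setRequestProperty("PRIVATE-TOKEN", token);
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            return status == 200
                    ? FormValidation.ok("Connected to GitLab")
                    : FormValidation.error("GitLab answered HTTP " + status);
        } catch (IOException e) {
            return FormValidation.error(e, "Could not reach " + baseUrl);
        }
    }
}
```

The two annotations are independent fixes for two CVEs: `@RequirePOST` alone still lets a low-privileged user who can obtain a crumb call the method directly (CVE-2019-10301), and the permission check alone still lets a cross-site GET ride on an administrator's session (CVE-2019-10300). After patching, a GET to the validation URL from a non-admin account should be refused before any outbound connection is made, which is the check to run against an instance rather than reading the version number.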