43 matches found
CVE-2019-10348
CVE-2019-10348 - Jenkins Gogs Plugin: The vulnerability arises from storing credentials in plaintext in job config.xml on the Jenkins master, enabling disclosure to users with Extended Read or anyone with master filesystem access. The NVD entry notes a CVSS v3.1 base score of 8.8 (HIGH). Public a...
CVE-2019-10348
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11747 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted form in job config.xml files on the Jenkins master or controller. These credentials can be accessed by users with...