Lucene search
K

76 matches found

Prion
Prion
added 2023/07/26 2:15 p.m.29 views

Design/Logic Flaw

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked i.e., replaced with asterisks in the build log in some circumstances...

4CVSS6.4AI score0.00637EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/26 1:54 p.m.27 views

CVE-2023-39152

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked i.e., replaced with asterisks in the build log in some circumstances...

6.8AI score0.00637EPSS
Exploits0References2
CVE
CVE
added 2023/07/26 1:54 p.m.237 views

CVE-2023-39152

The CVE-2023-39152 issue affects the Jenkins Gradle Plugin (version 2.8) due to an always-incorrect control flow implementation that may cause credentials to be emitted in plaintext instead of being masked in the build log under some circumstances. Public references in connected docs corroborate ...

6.5CVSS6.4AI score0.00637EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/26 1:54 p.m.9 views

CVE-2023-39152

Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked i.e., replaced with asterisks in the build log in some circumstances...

6.7AI score0.00637EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.3 views

Jenkins Gradle Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

6.5CVSS6.4AI score0.00637EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.7 views

PT-2023-26809 · Jenkins · Jenkins Gradle Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gradle Plugin version 2.8 Description: The issue is related to an always-incorrect control flow implementation that may result in credentials not being masked in the build log under certain circumstances. Recommendations: For Jenkins...

6.5CVSS6.4AI score0.00637EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2023/05/16 6:30 p.m.5 views

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

5.4CVSS6AI score0.00586EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/02/20 12:30 p.m.5 views

com.bugvm:bugvm-compiler (>=1.0.0 <=1.2.9), com.bugvm:bugvm-dist (>=1.2.3 <=1.2.9) +27 more potentially affected by CVE-2016-15026 via com.googlecode.plist:dd-plist (>=1.0 <=1.16)

com.googlecode.plist:dd-plist MAVEN version =1.0, =1.0.0, =1.2.3, =1.2.3, =1.0.0, =0.0.1, =2.3.1-ios11, =2.3.1-ios11, =1.0.0-b1, =2.0.0, =2.3.2, =2.3.4, =2.3.1, =2.0.0, =1.2.0, =1.2.1 and more Source cves: CVE-2016-15026 Source advisory: OSV:GHSA-4JX2-HVQW-93J9...

7.8CVSS6.3AI score0.00543EPSS
Exploits0
OSV
OSV
added 2022/11/30 3:30 p.m.1 views

GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

6.3CVSS7AI score0.03007EPSS
Exploits1References18
vulnersOsv
vulnersOsv
added 2022/11/30 3:30 p.m.3 views

@adobe/git-server (>=0.9.17 <=1.0.0), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=5.7.6) +49 more potentially affected by CVE-2022-22984 via snyk-gradle-plugin (>=1.0.2 <=3.24.2)

snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =3.11.9, =0.0.70, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.0.7, =1.0.9 and more Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

6.3CVSS6.6AI score0.03007EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/11/30 12:0 a.m.12 views

PT-2022-15754 · Snyk · Snyk-Python-Plugin +7

Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1064.0 snyk-mvn-plugin versions prior to 2.31.3 snyk-gradle-plugin versions prior to 3.24.5 @snyk/snyk-cocoapods-plugin versions prior to 2.5.3 snyk-sbt-plugin versions prior to 2.16.2 snyk-python-plugin versions prio...

6.3CVSS6.9AI score0.03007EPSS
Exploits1References21
vulnersOsv
vulnersOsv
added 2022/09/29 1:34 p.m.8 views

@bifravst/package-layered-lambdas (>=3.11.9 <=4.1.10), @candrewsintegralblue/snyk (=0.0.4) +11 more potentially affected by CVE-2022-22984 +1 more via snyk-gradle-plugin (>=3.10.0 <=3.24.2)

snyk-gradle-plugin NPM version =3.10.0, =3.11.9, =0.5.8, =3.2.4, =5.0.0, =3.0.3-beta.1, =1.1.0, =1.2.1, =1.0.0-dev-0b3764c8bef4a5676c834063c335bfe110a00c0b, =1.39.2, =1.43.0 Source cves: CVE-2022-22984, CVE-2022-40764 Source advisory: SNYK:JS-SNYKGRADLEPLUGIN-3038624...

7.8CVSS6.7AI score0.03007EPSS
Exploits2
Snyk
Snyk
added 2022/09/29 1:34 p.m.1 views

Command Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...

7.8CVSS7.8AI score0.03007EPSS
Exploits2References2
OSV
OSV
added 2022/09/12 12:0 a.m.13 views

GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations

This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...

8.8CVSS7.8AI score0.01809EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/05/13 1:49 a.m.4 views

com.github.kulya:jmeter-gradle-plugin (>=1.3.1-2.6 <=1.3.4-2.9), com.lazerycode.jmeter:jmeter-maven-plugin (>=1.4 <=1.8.1) +4 more potentially affected by CVE-2018-1297 via org.apache.jmeter:ApacheJMeter (>=2.6 <=3.3)

org.apache.jmeter:ApacheJMeter MAVEN version =2.6, =1.3.1-2.6, =1.4, =1.0.7-3.0-BETA, =1.0.7-3.0-BETA, =6.3.0, =6.2.0, =6.6.0 Source cves: CVE-2018-1297 Source advisory: OSV:GHSA-7V85-6HV2-RWGW...

9.8CVSS7.7AI score0.10096EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/01 12:0 a.m.8 views

The vulnerability of the Gradle plugin and script for the automatic build system Gradle allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Gradle plugin and script in the automatic build system Gradle is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

8.5CVSS7.3AI score0.02709EPSS
Exploits1References6Affected Software2
vulnersOsv
vulnersOsv
added 2021/12/10 12:40 a.m.5 views

org.xbib.elasticsearch:gradle-plugin-elasticsearch-build (=6.3.2.5) potentially affected by CVE-2021-44228 via org.xbib.elasticsearch:log4j (=6.3.2.1)

org.xbib.elasticsearch:log4j MAVEN version =6.3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.xbib.elasticsearch:log4j and may be impacted: - org.xbib.elasticsearch:gradle-plugin-elasticsearch-build =6.3.2.5 Source cves: CVE-2021-44228 Source...

10CVSS7AI score0.99999EPSS
Exploits351
NVD
NVD
added 2021/03/09 1:15 a.m.32 views

CVE-2021-21361

The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...

6.5CVSS0.01176EPSS
Exploits1References4
OSV
OSV
added 2021/03/09 1:15 a.m.16 views

CVE-2021-21361

The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixe...

6.5CVSS6.2AI score
Exploits0References4
CVE
CVE
added 2021/03/09 12:40 a.m.91 views

CVE-2021-21361

The CVE-2021-21361 entry concerns the Gradle plugin com.bmuschko:gradle-vagrant-plugin, which exposes an information disclosure vulnerability by logging system environment variables when the plugin runs in public CI/CD environments. Affected component: the GDKExternalProcessExecutor.groovy flow a...

6.5CVSS5.5AI score0.01176EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder