38 matches found
EUVD-2022-6289
Malicious code in bioql PyPI...
CVE-2019-10450
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
Jenkins-CI Unauthenticated Script-Console Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'Jenkins-CI Unauthenticated Script-Console Scanner', 'Description' = %q This module scans for unauthenticated Jenkins-CI script...
Arbitrary Code Execution
org.jenkins-ci.plugins:script-security is vulnerable to Arbitrary Code Execution. The vulnerability is due to crafted constructor bodies that invoke other constructors which can then be used to construct any subclassable type via implicit casts, which bypasses the sandbox protection, resulting in...
Information Disclosure
org.jenkins-ci.plugins, cloudbees-folder is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly restrict the organization folder log file location, which allows an attacker to gain access to sensitive information in the system...
Information Disclosure
org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access user sensitive information such as the existence of an attacker-specified file path on an agent file system...
CVE-2022-36905
The CVE-2022-36905 entry describes a stored XSS in Jenkins Maven Metadata Plugin for Jenkins CI server plugin versions 2.2 and earlier, caused by missing URL validation for the Repository Base URL of the List maven artifact versions parameter. The impact is exploitable by attackers with Item/Conf...
Cross-site Scripting in Jenkins Maven Metadata Plugin
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
Cross site scripting
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure...
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-485Q-V457-3P58 Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-3QXR-Q72Q-HMWP Jenkins CI Game Plugin allows Cross-Site Scripting (XSS)
Cross-site Scripting XSS in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin...
SonarQube Jenkins Password Disclosure
Advisory Information Title: SonarQube Jenkins Plugin - Plain Text Password Date published: 2013-12-05 Date of last update: 2013-12-05 Vendors contacted : SonarQube and Jenkins CI Discovered by: Christian Catalano Severity: High 2. Vulnerability Information CVE reference: CVE-2013-5676 CVSS v2...
CloudBees Jenkins CI Build Failure Analyzer plugin cross-site scripting vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is a set of Java-based development of continuous integration tools , which is mainly used to monitor the continuous software version release/testing projects and some timed tasks.Jenkins CI Build Failure Analyzer is one of the a plugin for...
Jenkins CI Server XStream Insecure Deserialization (CVE-2016-0792)
An insecure deserialization vulnerability has been reported in Jenkins CI Server. This vulnerability is due to the inclusion of the Groovy library in the classpath combined with the insecure deserialization employing the XStream library. A remote, unauthenticated attacker can exploit this...
CloudBees Jenkins CI and Jenkins LTS Unauthorized Modification Vulnerability (CNVD-2016-03157)
CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...
CloudBees Jenkins CI and Jenkins LTS Denial of Service Vulnerabilities
CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...
CloudBees Jenkins CI and LTS Split Response Vulnerability
CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . An HTTP...
CloudBees Jenkins CI and LTS Cross-Site Scripting Vulnerability
CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A...
CloudBees Jenkins CI and LTS Request Forgery Vulnerability
CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A reque...