Lucene search
+L

371 matches found

OSV
OSV
added 2025/07/09 4:15 p.m.6 views

CVE-2025-53662

Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.5CVSS5.8AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.6 views

CVE-2025-53663

Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References2
OSV
OSV
added 2025/07/09 4:15 p.m.8 views

CVE-2025-53653

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:28 p.m.7 views

CVE-2022-41255

Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.3AI score0.00676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:13 p.m.14 views

CVE-2022-34800

Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

4.3CVSS6.7AI score0.00557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.7 views

CVE-2022-34213

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

6.5CVSS6.6AI score0.00691EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/02 3:31 p.m.9 views

Privilege Context Switching Error

Overview Affected versions of this package are vulnerable to Privilege Context Switching Error due to the injectPrimitives function not taking sandbox protection into account for folder-scoped libraries. A user with Item/Configure permission can bypass the sandbox to execute code in the Jenkins...

8.8CVSS7.4AI score0.01171EPSS
Exploits1References2
OSV
OSV
added 2025/04/02 3:16 p.m.6 views

CVE-2025-31727

Jenkins AsakusaSatellite Plugin 0.1.1 and earlier stores AsakusaSatellite API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

5.5CVSS5.8AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2025/04/02 3:16 p.m.4 views

CVE-2025-31726

Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

5.5CVSS5.8AI score0.00276EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/11/27 6:34 p.m.27 views

Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

4.3CVSS6.9AI score0.00812EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/11/27 6:34 p.m.28 views

GHSA-FWXQ-3F52-5CMC Jenkins Filesystem List Parameter Plugin has Path Traversal vulnerability

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter. This allows attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. Filesystem List Parameter Plugin 0.0.15 ensur...

5.3CVSS4.8AI score0.00812EPSS
Exploits0References2
NVD
NVD
added 2024/11/27 5:15 p.m.40 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

4.3CVSS0.00812EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/08/08 2:46 a.m.29 views

CVE-2024-43044

A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...

8.8CVSS6.7AI score0.28782EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2024/06/27 4:23 a.m.47 views

CVE-2024-39459

A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted only Base64 encoded on the Jenkins controller file system. Users with access to the Jenkins controller file system global credentials or with Item/Extended Read permission...

6.5CVSS6.3AI score0.00419EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/06/26 6:30 p.m.18 views

Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b97b9dcb8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2024/05/03 8:53 a.m.62 views

CVE-2024-34144

A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restrictions. With crafted constructor bodies, this flaw allows authenticated attackers to define and execute sandboxed scripts, including...

9.8CVSS7.5AI score0.48081EPSS
Exploits0References5
OSV
OSV
added 2024/05/02 3:30 p.m.63 views

GHSA-2G4Q-9VM9-9FW4 Jenkins Script Security Plugin sandbox bypass vulnerability

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

8.8CVSS9.4AI score0.01002EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/02 3:30 p.m.45 views

Jenkins Script Security Plugin sandbox bypass vulnerability

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

8.8CVSS7.8AI score0.01002EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/05/02 3:30 p.m.39 views

Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies

Jenkins Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call ...

9.8CVSS7.8AI score0.48081EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/02 3:30 p.m.85 views

GHSA-94PR-W968-H923 Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext

Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file jenkinsci.plugins.telegrambot.TelegramBotGlobalConfiguration.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

3.3CVSS4.8AI score0.0052EPSS
Exploits0References4
Rows per page
Query Builder