55 matches found
EUVD-2022-2809
Malicious code in bioql PyPI...
EUVD-2022-2511
Malicious code in bioql PyPI...
CVE-2019-1003079
A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003078
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-CG4H-CFJP-H3X2 Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...
Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
VMware Lab Manager Slaves Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. As of publication of this advisory, there is no fix...
GHSA-JXG7-CGHF-MGGX Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation
VMware Lab Manager Slaves Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM. As of publication of this advisory, there is no fix...
GHSA-6J5J-W6V4-RWQR Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
Missing permission check in Jenkins VMware Lab Manager Slaves Plugin
A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
GHSA-56FF-M6PV-8594 Missing permission check in Jenkins VMware Lab Manager Slaves Plugin
A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpldoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-63994)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks.VMware Lab Manager Slaves Plugin is used in which a plugin for controlling virtual...
CVE-2020-2319
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2020-2319
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2020-2319
CVE-2020-2319 affects Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier. The underlying issue is that a password is stored in plain text in the global config.xml on the Jenkins controller, making it viewable by anyone with access to the controller’s filesystem. The impact is exp...
PT-2020-15553 · Cloudbees +2 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global config.xml file on the Jenkins controller. This allows users with access to the...
CloudBees Jenkins VMware Lab Manager Slaves Plugin Authorization Issue Vulnerability (CNVD-2019-30405)
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks.VMware Lab Manager Slaves Plugin is used in which a plugin for controlling virtual...
CloudBees Jenkins VMware Lab Manager Slaves Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks.VMware Lab Manager Slaves Plugin is used in which a plugin for controlling virtual...