SUSE CVE-2018-6356

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

CVE-2019-16543

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

PT-2019-11853 · Jenkins · Jenkins Mattermost Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.7.0 and earlier Description: The issue allows stored webhook URLs containing a secret token to be viewed unencrypted in the global configuration file and job config.xml files on the Jenkins...

CVE-2019-10426

Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10423

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

PT-2019-11820 · Jenkins · Jenkins Ecs Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gem Publisher Plugin affected versions not specified Description: The issue concerns the storage of credentials in the global configuration file on the Jenkins master. These credentials are stored unencrypted, allowing users with acce...