35 matches found
EUVD-2022-2637
Malicious code in bioql PyPI...
EUVD-2022-2554
Malicious code in bioql PyPI...
EUVD-2022-4657
Malicious code in bioql PyPI...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2021-21681
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2019-1003093
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003092
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-5C2C-CVG6-GHJM Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
Password stored in plain text by Jenkins Nomad Plugin
Jenkins Nomad Plugin 0.7.4 and earlier stores the passwords to authenticate against the Docker registry unencrypted in the global config.xml file on the Jenkins controller as part of its worker templates configuration. These passwords can be viewed by users with access to the Jenkins controller...
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-5Q63-JVC9-QPHV Cross-site request forgery vulnerability in Jenkins Nomad Plugin
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-P278-2QH9-6MWJ Jenkins Nomad Plugin missing permission check
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Jenkins Nomad Plugin missing permission check
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CloudBees Jenkins Nomad Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a Java-based continuous integration tool developed by CloudBees, Inc. An information disclosure vulnerability exists in CloudBees Jenkins Nomad Plugin 0.7.4 and prior versions. The vulnerability is caused by the program storing unencrypted Docker passwords in the...
Denial of service
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...
CVE-2021-21681
Jenkins Nomad Plugin prior to version 0.7.5 stores Docker registry credentials in plaintext in the global config.xml on the Jenkins controller, exposing them to any user with file-system access. This CVE (CVE-2021-21681) affects 0.7.4 and earlier. Root cause is unencrypted storage of passwords in...
PT-2021-14724 · Jenkins · Jenkins Nomad Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nomad Plugin versions 0.7.4 and earlier Description: The issue allows Docker passwords to be stored unencrypted in the global config.xml file on the Jenkins controller. These passwords can be viewed by users with access to the Jenkins...