Lucene search
K

5 matches found

OSV
OSV
added 2022/05/24 5:8 p.m.17 views

GHSA-64JR-GGW8-H9JC Credentials stored in plain text by debian-package-builder Plugin

debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system...

3.3CVSS4.4AI score0.00691EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/02/15 12:0 a.m.84 views

Jenkins Enterprise and Operations Center < 2.277.43.0.5 / 2.319.2.5 Multiple Vulnerabilities (CloudBees Security Advisory 2022-01-12)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.277.x prior to 2.277.43.0.5, or 2.x prior to 2.319.2.5. It is, therefore, affected by a multiple vulnerabilities, including the following: - Jenkins Docker Commons Plugin 1.17 and earlier does not...

9CVSS6.4AI score0.81842EPSS
Exploits0References25
NVD
NVD
added 2022/01/12 8:15 p.m.18 views

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...

9CVSS0.01603EPSS
Exploits0References2
OSV
OSV
added 2022/01/12 8:15 p.m.37 views

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...

8.8CVSS8.8AI score
Exploits0References2
CVE
CVE
added 2020/02/12 2:35 p.m.60 views

CVE-2020-2125

The CVE-2020-2125 issue affects Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier. The vulnerability is that the plugin stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master/controller, specifically ru.yandex.jenkins.plugins.debuilder.DebianPac...

4.3CVSS4.5AI score0.00691EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder