20 matches found
EUVD-2022-4539
Malicious code in bioql PyPI...
SUSE CVE-2020-2239
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
GHSA-MC22-25R3-2W9W Parameterized Trigger Plugin fails to check Item/Build permission
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. The plugin has been adapted to now check for Item/Build permission before triggering a...
Parameterized Trigger Plugin fails to check Item/Build permission
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. The plugin has been adapted to now check for Item/Build permission before triggering a...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
Jenkins Parameterized Trigger Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. These values are stored and can be viewed by an attacker with access to the...
GHSA-5MPF-HW8F-86W9 Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
Design/Logic Flaw
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
CVE-2022-27195 affects Jenkins Parameterized Trigger Plugin (versions 2.43 and earlier). The vulnerability arises from the plugin capturing environment variables passed to builds triggered by the plugin, including password parameter values, and storing them unencrypted in build.xml files. These s...
Jenkins Plugin Parameterized Trigger 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. These values are stored and can be viewed by an attacker with access to the...
Unspecified Vulnerability in CloudBees Parameterized Trigger Plugin
CloudBees Parameterized Trigger Plugin is a parameterized trigger plugin in the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools. An unspecified vulnerability exists in the CloudBees Parameterized Trigger Plugin that stems from the program's failure to detec...
CVE-2017-1000084
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
Authentication flaw
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
CVE-2017-1000084
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins...
CVE-2017-1000084
CVE-2017-1000084 concerns the Jenkins Parameterized Trigger Plugin, where the component failed to enforce Item/Build permissions during downstream triggering. The underlying issue allowed a build to trigger other projects without proper authorization, potentially enabling unauthorized project lau...