14 matches found
CVE-2025-12773
CVE-2025-12773 involves a vulnerability in the Brocade SANnav product where the script update-reports-purge-settings.sh logs can include the SANnav database password in system audit logs on versions before 2.4.0a. The issue allows a remote authenticated attacker with audit-log access to retrieve ...
EUVD-2024-1897
Malicious code in bioql PyPI...
Unencrypted Stored Credentials
org.jenkins-ci.plugins:plain-credentials is vulnerable to Unencrypted Stored Credentials. The vulnerability is caused when decrypting file contents to check for valid encrypted secrets, resulting in the file content being stored unencrypted (only Base64 encoded). An attacker with access to the...
CVE-2024-39459
A vulnerability was found in the Jenkins Plain Credentials Plugin, which stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system. Users with access to the Jenkins controller file system (global credentials) or with Item/Extended Read permission...
GHSA-3CPQ-RW36-CPPV Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
When creating secret file credentials, Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
When creating secret file credentials, Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...
au.com.versent.jenkins.plugins:ignore-committer-strategy (=29.v7c3891a_434c3), com.cloudbees.jenkins.plugins:amazon-ecr (=1.151.vb_ca_71ddd0b_cf) +50 more potentially affected by CVE-2024-39459 via org.jenkins-ci.plugins:plain-credentials (>=139.ved2b_9cf7587b <=182.v468b_97b_9dcb_8)
org.jenkins-ci.plugins:plain-credentials MAVEN version =139.ved2b9cf7587b, =1.0.15, =3.9, =135.v4b75af974139, =101.v0f82809a8706, =1.2.0-39.v70b057553192, =69.v505a1d7c292a, =139.v0bc2603876bc, =1.043.v48c39cea3b75, =13.v147276d96cb1, =14.v3a74a9c50c5f, =19.va8b603...
CVE-2024-39459
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
CVE-2024-39459
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
CVE-2024-39459
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
CVE-2024-39459
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
CVE-2024-39459
In Jenkins, the Plain Credentials Plugin (versions 182.v468b_97b_9dcb_8 and earlier) can store secret file credentials unencrypted (Base64 only) on the Jenkins controller filesystem. This allows users with access to the controller filesystem or with Item/Extended Read permissions to view those cr...
Jenkins Plugin Plain Credentials Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application software ... A security vulnerabili...
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...