U.S. Dept Of Defense: Information Disclosure via Publicly Accessible Debug Log

A publicly accessible WordPress debug log file was discovered on the target system. The log file contained PHP warnings and deprecated notices that disclosed sensitive server paths and plugin details. This exposure may have assisted an attacker in fingerprinting the environment or exploiting know...

SUSE CVE-2016-3723

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...

Missing Authorization in Jenkins Configuration as Code Plugin

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...

GHSA-8572-5JRG-MX52 Exposure of Sensitive Information in Jenkins Core

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...

CloudBees Jenkins Configuration as Code Plugin License Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Configuration as Code Plugin is used in which a Jenki...

jenkins: Information on installed plugins exposed via API (SECURITY-250)

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...

Solaris 8 (sparc) : 111325-02

SunOS 5.8: /usr/lib/saf/ttymon patch. Date this patch was last updated by Sun : Jun/14/02 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descripti...

Web Server Directory Enumeration

This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not. This plugin was written by H D Moore Changes by Tenable: - Revised plugin title...