CloudBees Jenkins AWS Global Configuration Plugin Access Control Error Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. An access control error...
CloudBees Jenkins Azure Key Vault Authorization Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. An authorization issue...
PT-2020-15553 · Cloudbees +2 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier Description: The issue concerns the storage of a password in an unencrypted form in the global config.xml file on the Jenkins controller. This allows users with access to the...
CVE-2020-24416
Marketo Sales Insight plugin version 1.4355 and earlier is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to...
jenkins-credentials-binding-plugin: improper masking of secrets
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a $ character in some circumstances...
PT-2020-15521 · Jenkins · Couchdb-Statistics Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins couchdb-statistics Plugin versions 0.3 and earlier Description: The issue concerns the storage of the server password in an unencrypted form in the global configuration file on the Jenkins controller. Specifically, the password is...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
CloudBees Jenkins Liquibase Runner Code Issue Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. A security vulnerability exis...
CloudBees Jenkins chosen-views-tabbar Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. A cross-site scripting...
CloudBees Jenkins Cross-Site Scripting Vulnerability (CNVD-2020-52608)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. Jenkins Custom Job Icon plugi...
PT-2020-15487 · Jenkins · Jenkins Android Lint Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Android Lint Plugin versions 2.6 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape the annotation message in tooltips. This can be exploited ...
PT-2020-15495 · Jenkins · Jenkins Clearcase Release Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ClearCase Release Plugin version 0.3 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the composite baseline in the badge tooltip is not properly escaped, allowing...
CloudBees Jenkins XXE Vulnerability (CNVD-2020-50958)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. An XXE vulnerability exists in...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2020-51391)
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/test projects and to run some scheduled tasks. LTS is a long-term support for...
CVE-2020-24314
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
WordPress Responsive Lightbox2 1.0.2 Cross Site Scripting
Exploit Title: WordPress Responsive Lightbox2 Plugin v1.0.2 - Persistent Cross-Site Scripting Date: 2020-08-14 Vendor Homepage: https://noorsplugin.com/ Vendor Changelog: https://wordpress.org/plugins/responsive-lightbox2/developers Exploit Author: Melbin K Mathew @melbinkm Author Advisory:...
PT-2020-5832 · Jenkins · Jenkins Flaky Test Handler Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Flaky Test Handler Plugin versions 1.0.4 and earlier Description: The issue is related to a cross-site request forgery (CSRF) vulnerability in the "Deflake this build" feature of the Jenkins Flaky Test Handler Plugin. This vulnerability...
PT-2020-15453 · Jenkins · Jenkins Email Extension Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions 2.72 through 2.73 Description: The issue concerns the transmission and display of the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure...
PT-2020-15416 · Jenkins · Jenkins Fortify On Demand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin versions 6.0.0 and earlier Description: A missing permission check in form-related methods of the Jenkins Fortify on Demand Plugin allowed users with Overall/Read access to enumerate credentials ID of...