com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2182 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)

org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2182 Source advisory: OSV:GHSA-7FF8-QFWX-8GX5...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2162 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2162 Source advisory: OSV:GHSA-CRG2-6XV3-QG5F...

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +92 more potentially affected by CVE-2020-2136 via org.jenkins-ci.plugins:git (>=1.2.0 <=4.0.0-rc)

org.jenkins-ci.plugins:git MAVEN version =1.2.0, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2020-2136 Source advisory: OSV:GHSA-6C7R-6P5M-CP82...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2020-2109 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.74)

org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2020-2109 Source advisory: OSV:GHSA-99MF-F3QH-WQRP...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1591 more potentially affected by CVE-2020-2102 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.20)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2102 Source advisory: OSV:GHSA-FJ6F-6933-839J...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1591 more potentially affected by CVE-2020-2100 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.20)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2100 Source advisory: OSV:GHSA-GPXV-776P-7GC7...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1191 more potentially affected by CVE-2015-1811 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.596)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2015-1811 Source advisory: OSV:GHSA-QG7X-4H4Q-3M49...

com.xti.jenkins.plugins:aws-lambda-jenkins-plugin (=0.0.1), org.jenkins-ci.main:jenkins-test-harness (>=1.597 <=1.599) +10 more potentially affected by CVE-2015-1809 via org.jenkins-ci.main:jenkins-core (>=1.597 <=1.599)

org.jenkins-ci.main:jenkins-core MAVEN version =1.597, =1.597, =1.597, =0.0.2, =1.2.0, =0.14.0, =1.0, =1.597, =1.17, =1.0, =1.0.0, =4.0, =4.2 Source cves: CVE-2015-1809 Source advisory: OSV:GHSA-QJ27-W92H-FC9R...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1191 more potentially affected by CVE-2015-1809 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.596)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0.3, =1.0.0, =1.0, =1.0.0, =2.2.0, =1.0-beta-1, =4.18 - com.boxuk.jenkins:jslint =0.7.4 and more Source cves: CVE-2015-1809 Source advisory: OSV:GHSA-QJ27-W92H-FC9R...

com.xti.jenkins.plugins:aws-lambda-jenkins-plugin (=0.0.1), org.jenkins-ci.main:jenkins-test-harness (>=1.597 <=1.599) +10 more potentially affected by CVE-2015-1811 via org.jenkins-ci.main:jenkins-core (>=1.597 <=1.599)

org.jenkins-ci.main:jenkins-core MAVEN version =1.597, =1.597, =1.597, =0.0.2, =1.2.0, =0.14.0, =1.0, =1.597, =1.17, =1.0, =1.0.0, =4.0, =4.2 Source cves: CVE-2015-1811 Source advisory: OSV:GHSA-QG7X-4H4Q-3M49...

Ansible Uses Plugins That Disclose Credentials

Ansible, all ansibleengine-2.x versions and ansibleengine-3.x up to ansibleengine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed i...

GHSA-PM48-CVV2-29Q5 Ansible Uses Plugins That Disclose Credentials

Ansible, all ansibleengine-2.x versions and ansibleengine-3.x up to ansibleengine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed i...

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), com.amcbridge:build-configurator (>=1.0.5.0 <=1.0.6.1) +135 more potentially affected by CVE-2019-10392 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=2.7.7)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.0.22, =1.0.57 and more Source cves: CVE-2019-10392 Source advisory: OSV:GHSA-HW6X-2QWV-RXR7...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10384 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10384 Source advisory: OSV:GHSA-VCR8-H8QP-QJ8H...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10383 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10383 Source advisory: OSV:GHSA-9M48-54PJ-H248...

com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.6.2) +120 more potentially affected by CVE-2019-10358 via org.jenkins-ci.main:maven-plugin (>=1.396 <=3.1)

org.jenkins-ci.main:maven-plugin MAVEN version =1.396, =1.0.0, =1.0.0, =1.0.0, =1.0b, =0.9, =0.4.0, =1.2, =1.0.0, =1.7, =0.9, =0.1, =0.33, =1.396, =1.644 and more Source cves: CVE-2019-10358 Source advisory: OSV:GHSA-HR96-QFVM-52R6...

GHSA-MQR8-3V8J-46WV Missing Authorization in Jenkins Configuration as Code Plugin

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1574 more potentially affected by CVE-2019-10352 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.17)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2019-10352 Source advisory: OSV:GHSA-QR42-82QJ-MW65...

br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin (>=0.3.5 <=0.3.15), com.barchart.jenkins:maven-release-cascade (>=1.0.0 <=1.3.2) +109 more potentially affected by CVE-2019-10337 via org.jenkins-ci.plugins:token-macro (>=1.0 <=2.7)

org.jenkins-ci.plugins:token-macro MAVEN version =1.0, =0.3.5, =1.0.0, =1.14.1, =4.1.1, =1.7.2, =1.1.2, =0.18, =0.1, =2.5.8, =3.0, =1.0-alpha-1, =1.2.0-beta-1 and more Source cves: CVE-2019-10337 Source advisory: OSV:GHSA-G6H2-4X64-C59X...

com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +30 more potentially affected by CVE-2019-10308 via org.jvnet.hudson.plugins:analysis-core (>=1.0 <=1.94)

org.jvnet.hudson.plugins:analysis-core MAVEN version =1.0, =1.7.2, =1.0.0, =0.9, =2.5.0, =2.5.0, =2.5.0, =2.5.0, =0.7, =1.20, =1.0.1, =0.3, =7.97, =1.0, =1.0, =1.20 and more Source cves: CVE-2019-10308 Source advisory: OSV:GHSA-VVFJ-P4JF-J8RM...