17 matches found
EUVD-2021-1415
Malware in sbrugna...
EUVD-2021-1317
Malware in sbrugna...
CVE-2021-21650
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...
CVE-2021-21651
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...
CVE-2020-2114
Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
GHSA-FFR6-8CV5-J637 Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in exposure of the credential through browser...
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in exposure of the credential through browser...
GHSA-W5RH-J4G3-JR29 Missing Authorization in Jenkins S3 publisher Plugin
Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain the list of configured profiles. S3 publisher Plugin 0.11.7 and 0.11.5.1 performs permission checks when providing a list ...
Missing Authorization in Jenkins S3 publisher Plugin
Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain the list of configured profiles. S3 publisher Plugin 0.11.7 and 0.11.5.1 performs permission checks when providing a list ...
CloudBees Jenkins S3 publisher Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...
CVE-2021-21651
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...
CVE-2021-21650
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...
Code injection
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...
PT-2021-14694 · Jenkins · Jenkins S3 Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.6 and earlier Description: The issue is related to a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. This affec...
Jenkins 信息泄露漏洞
CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...
CVE-2020-2114
CVE-2020-2114 affects the Jenkins S3 Publisher Plugin (versions ≤ 0.11.4). The plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, exposing secrets to the browser environment and potentially to extensions or scripts. The root cause is the creden...
PT-2020-15321 · Jenkins · Jenkins S3 Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.4 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially leading to their exposure. This...