Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1415

Malware in sbrugna...

4.3CVSS4.6AI score0.00733EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1317

Malware in sbrugna...

4.3CVSS4.6AI score0.00712EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.6 views

CVE-2021-21650

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...

4.3CVSS6.3AI score0.00712EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:11 p.m.12 views

CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4.3CVSS6.5AI score0.00733EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:55 p.m.8 views

CVE-2020-2114

Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...

7.5CVSS6.8AI score0.01077EPSS
Exploits0
OSV
OSV
added 2022/05/24 5:8 p.m.20 views

GHSA-FFR6-8CV5-J637 Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration

S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in exposure of the credential through browser...

3.1CVSS7.2AI score0.01077EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:8 p.m.22 views

Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration

S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in exposure of the credential through browser...

7.5CVSS6.7AI score0.01077EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/06/16 5:29 p.m.23 views

GHSA-W5RH-J4G3-JR29 Missing Authorization in Jenkins S3 publisher Plugin

Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain the list of configured profiles. S3 publisher Plugin 0.11.7 and 0.11.5.1 performs permission checks when providing a list ...

4.3CVSS4.6AI score0.00733EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/06/16 5:29 p.m.51 views

Missing Authorization in Jenkins S3 publisher Plugin

Jenkins S3 publisher Plugin prior to 0.11.7 and 0.11.5.1 does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to obtain the list of configured profiles. S3 publisher Plugin 0.11.7 and 0.11.5.1 performs permission checks when providing a list ...

4.3CVSS4.7AI score0.00733EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2021/05/12 12:0 a.m.10 views

CloudBees Jenkins S3 publisher Plugin Authorization Issues Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...

4.3CVSS6.3AI score0.00712EPSS
Exploits0References1
OSV
OSV
added 2021/05/11 3:15 p.m.3 views

CVE-2021-21651

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4.3CVSS5.8AI score0.00733EPSS
Exploits0References1
OSV
OSV
added 2021/05/11 3:15 p.m.3 views

CVE-2021-21650

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...

4.3CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2021/05/11 3:15 p.m.25 views

Code injection

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles...

4CVSS4.4AI score0.00733EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.6 views

PT-2021-14694 · Jenkins · Jenkins S3 Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.6 and earlier Description: The issue is related to a missing permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. This affec...

4.3CVSS4.2AI score0.00733EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/11 12:0 a.m.6 views

Jenkins 信息泄露漏洞

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An authorization issue...

4.3CVSS5.9AI score0.00733EPSS
Exploits0References4
CVE
CVE
added 2020/02/12 2:35 p.m.69 views

CVE-2020-2114

CVE-2020-2114 affects the Jenkins S3 Publisher Plugin (versions ≤ 0.11.4). The plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, exposing secrets to the browser environment and potentially to extensions or scripts. The root cause is the creden...

7.5CVSS7.5AI score0.01077EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.10 views

PT-2020-15321 · Jenkins · Jenkins S3 Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.4 and earlier Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially leading to their exposure. This...

7.5CVSS7.1AI score0.01077EPSS
Exploits0References6
Rows per page
Query Builder