27 matches found
CVE-2019-10375
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master...
CVE-2022-41250
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
GHSA-QJ7P-9HGF-X8J7 Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Passwords stored in plain text by Harvest SCM Plugin
Harvest SCM Plugin 0.5.1 and earlier stores SCM passwords unencrypted in its global configuration file hudson.plugins.harvest.HarvestSCM.xml and in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission (job config.xml only) or access ...
Arbitrary file read vulnerability in Jenkins File System SCM Plugin
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master...
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
Jenkins Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy acti...
CVE-2020-2130
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2130
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2131
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2131
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2131
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2130
CVE-2020-2130 concerns the Jenkins Harvest SCM Plugin (versions ≤ 0.5.1), where passwords are stored unencrypted in the Jenkins master configuration. The vulnerability, documented across multiple sources (GHSA and OSV/NVD records), states that credentials are kept in plaintext in the global confi...
CVE-2020-2131
The CVE-2020-2131 issue affects Jenkins Harvest SCM Plugin versions 0.5.1 and earlier, where passwords are stored unencrypted in the job config.xml on the Jenkins master. This enables exposure to users with Extended Read permission or anyone with master filesystem access. The connected advisories...
PT-2020-15339 · Jenkins · Jenkins Harvest Scm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Harvest SCM Plugin versions 0.5.1 and earlier. Description: The issue concerns the storage of passwords in an unencrypted manner within the global configuration file on the Jenkins master. This allows users with access to the master fi...
CVE-2019-10375
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master...
CVE-2019-10375
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master...
Design/Logic Flaw
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master...
CVE-2019-10375
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master...