EUVD-2018-8771

Malware in sbrugna...

CVE-2022-34213

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

CVE-2022-34213

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34213

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34213

CVE-2022-34213 affects the Jenkins Squash TM Publisher (Squash4Jenkins) Plugin (versions 1.0.0 and earlier). The vulnerability arises from storing passwords unencrypted in the plugin’s global configuration on the Jenkins controller (org.jenkinsci.squashtm.core.SquashTMPublisher.xml). As a result,...

CVE-2022-34213

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

PT-2022-22084 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher Squash4Jenkins Plugin versions 1.0.0 and earlier Description: The issue allows passwords to be stored unencrypted in the global configuration file on the Jenkins controller, making them accessible to users with...

CVE-2021-43578

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...

CVE-2021-43578

CVE-2021-43578 affects the Jenkins Squash TM Publisher (Squash4Jenkins) Plugin, version 1.0.0 and earlier. The root cause is an agent-to-controller message that performs no input validation, enabling an attacker who can control agent processes to replace arbitrary files on the Jenkins controller ...

CVE-2021-43578

Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin has a security vulnerability that stems from the Squash TM Publisher plugin version 1.0.0 and earlier...

Code injection

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

CVE-2018-16987

Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code...

CVE-2018-16987

CVE-2018-16987 affects Squash TM up to version 1.18.0. The issue is that the administration panel exposes cleartext passwords of external services via a ta-server-password field in the HTML source, as demonstrated in multiple sources (NVD entry, Red Hat advisory, and related records). Affected co...