5 matches found
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins...
GHSA-9H79-5M2F-MQJ2 Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file org.jenkinsci.squashtm.core.SquashTMPublisher.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins...
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...
GHSA-H648-GJ34-5X4R Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...
Input validation
Jenkins Squash TM Publisher Squash4Jenkins Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an...