36 matches found
CVE-2023-24440
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure...
CVE-2023-24437
A cross-site request forgery CSRF vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-24438
The CVE-2023-24438 issue affects Jenkins JIRA Pipeline Steps Plugin versions 2.0.165.v8846cf59f3db and earlier. The root cause is a missing permission check in methods handling form validation, enabling attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified c...
CVE-2022-45381
The CVE-2022-45381 case concerns Jenkins Pipeline Utility Steps Plugin (
GHSA-W598-25HM-JQX3 RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to Pipeline: AWS Steps Plugin’s build steps. Pipeline: AW...
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution RCE vulnerability exploitable by users able to provide YAML input files to Pipeline: AWS Steps Plugin’s build steps. Pipeline: AW...
GHSA-CCXH-J7HG-M5MR Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
Remote code execution
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability...
CVE-2020-2166
CVE-2020-2166 affects Jenkins Pipeline: AWS Steps Plugin versions 1.40 and earlier. The root cause is that the YAML parser is not restricted, allowing instantiation of arbitrary types and enabling remote code execution. The vulnerability is described across multiple sources as RCE via YAML input ...
PT-2020-15378 · Jenkins · Jenkins Pipeline: Aws Steps Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: AWS Steps Plugin versions 1.40 and earlier Description: The issue is related to the configuration of the YAML parser in the Jenkins Pipeline: AWS Steps Plugin, which does not prevent the instantiation of arbitrary types. Thi...
Unspecified Vulnerability in CloudBees Jenkins Kubernetes::Pipeline::Kubernetes Steps Plugin
CloudBees Jenkins Hudson Labs is a set of U.S. CloudBees company based on Java development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed tasks.Kubernetes::Pipeline::Arquillian Steps Plugin is used in...
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...
CVE-2019-10417
The CVE refers to Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin where a flawed custom Script Security whitelist allowed attackers to invoke arbitrary methods, bypassing the sandbox and potentially executing code. The entries from multiple sources corroborate that this is tied to the p...
PT-2019-11812 · Jenkins · Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin affected versions not specified Description: The issue allows attackers to invoke arbitrary methods, bypassing typical sandbox protection, due to a custom whitelist for script security...
PT-2019-11811 · Jenkins · Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin affected versions not specified Description: The issue concerns a custom whitelist for script security in the Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin, which allowed...