65 matches found

Cvelist
added 2023/03/23 11:26 a.m. · 16 views

CVE-2023-28673

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

5.1 AI score · 0.00529 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/03/23 11:26 a.m. · 10 views

CVE-2023-28672

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

6.4 AI score · 0.00555 EPSS
Exploits 0 · References 1

CVE
added 2023/03/23 11:26 a.m. · 242 views

CVE-2023-28672

CVE-2023-28672 affects Jenkins OctoPerf Load Testing Plugin (versions 4.5.1 and earlier). The root cause is a missing permission check in the connection test HTTP endpoint, enabling attackers with Overall/Read to reach an attacker‑specified URL using attacker‑specified credentials IDs sourced thr...

6.5 CVSS · 6.2 AI score · 0.00555 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/03/23 11:26 a.m. · 15 views

CVE-2023-28671

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

5.3 AI score · 0.00091 EPSS
Exploits 0 · References 1

CVE
added 2023/03/23 11:26 a.m. · 239 views

CVE-2023-28671

The CVE-2023-28671 vulnerability affects Jenkins OctoPerf Load Testing Plugin, versions 4.5.0 and earlier. It is a CSRF flaw that lets an attacker connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials store...

4.3 CVSS · 4.5 AI score · 0.00091 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/03/23 11:26 a.m. · 5 views

CVE-2023-28671

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.6 AI score · 0.00091 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/03/23 12:00 a.m. · 1 view

PT-2023-21895 · Jenkins · Jenkins Octoperf Load Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OctoPerf Load Testing Plugin Plugin versions 4.5.2 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. T...

8.8 CVSS · 8.5 AI score · 0.00098 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/03/23 12:00 a.m. · 1 view

PT-2023-21894 · Jenkins · Jenkins Octoperf Load Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OctoPerf Load Testing Plugin Plugin versions 4.5.2 and earlier
Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can...

4.3 CVSS · 4.4 AI score · 0.00529 EPSS
Exploits 0 · References 6

vulnersOsv
added 2023/02/23 9:30 a.m. · 3 views

com.adobe.aem:aem-sdk-api (=2020.6.3800.20200626T210738Z-200604), com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.17.10 <=2.24.6) +113 more potentially affected by CVE-2023-25621 via org.apache.sling:org.apache.sling.i18n (>=2.0.2 <=2.5.6)

org.apache.sling:org.apache.sling.i18n MAVEN version =2.0.2, =2.17.10, =0.0.10, =1.0, =5.5.4, =5.6.2 and more Source cves: CVE-2023-25621 Source advisory: OSV:GHSA-MRPV-5PMR-P92H...

6.5 CVSS · 6.5 AI score · 0.00871 EPSS
Exploits 0

ATTACKERKB
added 2022/07/27 3:15 p.m. · 0 views

CVE-2022-36894

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

6.5 CVSS · 6 AI score · 0.00771 EPSS
Exploits 0 · References 3

AlpineLinux
added 2022/07/27 2:23 p.m. · 35 views

CVE-2022-36894

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfbf and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content...

6.5 CVSS · 5 AI score · 0.00771 EPSS
Exploits 0 · References 2

CVE
added 2022/07/27 2:23 p.m. · 85 views

CVE-2022-36894

CVE-2022-36894 concerns an arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin (64.vc0d66de1dfbf and earlier). The issue allows attackers with Overall/Read permissions to create or replace arbitrary files on the Jenkins controller filesystem with content of their choosi...

6.5 CVSS · 6.4 AI score · 0.00771 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/05/24 5:27 p.m. · 21 views

GHSA-Q4QQ-8Q2R-G2F2 Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration. While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transmitted in plain text as part of the global...

4.3 CVSS · 4.6 AI score · 0.00042 EPSS
Exploits 0 · References 4

OSV
added 2022/05/24 4:58 p.m. · 14 views

GHSA-8X6C-375H-PM4F Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 8.7 AI score · 0.00067 EPSS
Exploits 0 · References 2

Github Security Blog
added 2022/05/24 4:58 p.m. · 17 views

Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 3.1 AI score · 0.00067 EPSS
Exploits 0 · References 3 · Affected Software 1

Prion
added 2020/09/01 2:15 p.m. · 10 views

Design/Logic Flaw

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

4 CVSS · 6.4 AI score · 0.00226 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/09/01 1:50 p.m. · 71 views

CVE-2020-2251

CVE-2020-2251 affects the Jenkins SoapUI Pro Functional Testing Plugin (versions up to 1.5). The issue, described in multiple sources, is that project passwords are transmitted in plain text as part of job configuration forms within the plugin, creating a potential information disclosure risk. Se...

4.3 CVSS · 4.6 AI score · 0.00042 EPSS
Exploits 0 · References 2 · Affected Software 2

CVE
added 2020/09/01 1:50 p.m. · 60 views

CVE-2020-2250

CVE-2020-2250 affects Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier. The underlying issue is that project passwords are stored unencrypted in job config.xml files on the Jenkins controller, enabling disclosure when an attacker has Extended Read permission or file-system access to t...

6.5 CVSS · 6.3 AI score · 0.00226 EPSS
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2019/10/23 12:00 a.m. · 1 view

Unspecified Vulnerability in CloudBees Jenkins Extensive Testing Plugin

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. Extensive Testing Plugin is used in one of th...

8.8 CVSS · 6.9 AI score · 0.00067 EPSS
Exploits 0 · References 1

OSV
added 2019/10/16 2:15 p.m. · 10 views

CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8 CVSS · 7 AI score
Exploits 0 · References 1