CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10448

CVE-2019-10448 affects the Jenkins Extensive Testing Plugin, where credentials are stored unencrypted in job config.xml files on the Jenkins master. This allows disclosure to anyone with Extended Read permission or with access to the master file system. The core issue is plaintext credential stor...

CVE-2019-10448

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

PT-2019-11842 · Jenkins · Jenkins Extensive Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Extensive Testing Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. Users with Extended Read permission or...

Nessus plug-in“arms”tutorial-vulnerability warning-the black bar safety net

! Overview In a recent internal penetration test, we need to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin was originally only the use of an existing RCE vulnerability, but we will teach you how to...