2 matches found
PT-2025-28930 · Jenkins · Jenkins User1st uTester Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins User1st uTester Plugin versions 1.1 and earlier
Description: The Jenkins User1st uTester Plugin stores the uTester JWT (JSON Web Token) unencrypted in its global configuration file on the Jenkins controller. This allows users with...
CVE-2017-9045
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocksv4.json file...