6 matches found
CVE-2023-24439
CVE-2023-24439 affects Jenkins JIRA Pipeline Steps Plugin (versions up to 2.0.165.v8846cf59f3db). The vulnerability arises from storing private keys unencrypted in the plugin’s global configuration file on the Jenkins controller (org.thoughtslive.jenkins.plugins.jira.JiraStepsConfig.xml), which c...
Jenkins Google Compute Engine Plugin has an unspecified vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A security vulnerability exists in the Jenkins Google Compute Engine Plugin, which stems from storing unencrypted private...
CVE-2022-29052
CVE-2022-29052 affects Jenkins Google Compute Engine Plugin 4.3.8 and earlier, which stores private keys unencrypted in cloud agent config.xml on the Jenkins controller, enabling viewing by users with Extended Read permission or filesystem access. This exposes sensitive keys; no exploit details a...
CVE-2011-4447
The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0.4.1, and 0.5.0rc, does not properly interact with the deletion functionality of BSDDB, which allows context-dependent attackers to obtain unencrypted private keys from Bitcoin wallet files by bypassing the BSDDB interface and...
CVE-2011-4447
Removed by vendor...
FreeBSD -- pam_ssh improperly grants access when user account has unencrypted SSH private keys
Problem Description: The OpenSSL library call used to decrypt private keys ignores the passphrase argument if the key is not encrypted. Because the pamssh module only checks whether the passphrase provided by the user is null, users with unencrypted SSH private keys may successfully authenticate...