5 matches found
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...
CVE-2019-10415
CVE-2019-10415 affects Jenkins Violation Comments to GitLab Plugin, version 2.28 and earlier. The root issue is that API tokens/credentials were stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling viewing by users with access to the master filesystem. Impa...
CVE-2019-10416
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10416
Summary: CVE-2019-10416 affects the Jenkins Violation Comments to GitLab Plugin (version 2.28 and earlier). The underlying issue is storage of credentials in plaintext within job config.xml files on the Jenkins master, exposing tokens to users with Extended Read permission or anyone with access t...