Lucene search
K

34 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 4:58 p.m.29 views

Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification

Jenkins Cadence vManager Plugin prior to version 2.7.1 disables SSL/TLS and hostname verification globally for the Jenkins master JVM. This issue is patched in 2.7.1...

8.2CVSS2.3AI score0.00993EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2020/09/08 12:0 a.m.3 views

CloudBees Jenkins XSS Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . An XSS vulnerability exists i...

5.4CVSS6.6AI score0.00753EPSS
Exploits0References1
OSV
OSV
added 2020/09/01 2:15 p.m.13 views

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

5.4CVSS5.5AI score0.00753EPSS
Exploits0References2
NVD
NVD
added 2020/09/01 2:15 p.m.20 views

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

5.4CVSS5.3AI score0.00753EPSS
Exploits0References2
Prion
Prion
added 2020/09/01 2:15 p.m.15 views

Cross site scripting

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

3.5CVSS5.3AI score0.00753EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/09/01 1:50 p.m.22 views

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

5.4CVSS2.6AI score0.00753EPSS
Exploits0References2
CVE
CVE
added 2020/09/01 1:50 p.m.70 views

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier is affected by CVE-2020-2243: it does not escape build descriptions in tooltips, causing a stored XSS vulnerability that can be exploited by attackers with Run/Update permission. Several connected sources confirm the issue and note that Cadence vM...

5.4CVSS5.2AI score0.00753EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/01 1:50 p.m.24 views

CVE-2020-2243

Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...

5.3AI score0.00753EPSS
Exploits0References2
CNVD
CNVD
added 2019/10/23 12:0 a.m.2 views

CloudBees Jenkins Cadence vManager Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version of the release/test project and some timed execution of the task . Cadence vManager Plugin is use...

8.2CVSS7AI score0.00993EPSS
Exploits0References1
NVD
NVD
added 2019/10/16 2:15 p.m.15 views

CVE-2019-10446

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

8.2CVSS8.3AI score0.00993EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 2:15 p.m.12 views

CVE-2019-10446

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

8.2CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2019/10/16 2:15 p.m.8 views

Design/Logic Flaw

Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...

6.4CVSS8.2AI score0.00993EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/10/16 1:0 p.m.68 views

CVE-2019-10446

CVE-2019-10446 affects Jenkins Cadence vManager Plugin versions prior to 2.7.1, where SSL/TLS and hostname verification were disabled globally on the Jenkins master JVM. Root cause: the plugin trusts all certificates, weakening transport security. Impact stated across sources includes risk to con...

8.2CVSS8.2AI score0.00993EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/16 12:0 a.m.5 views

PT-2019-11840 · Jenkins · Jenkins Cadence Vmanager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions prior to 2.7.1 Description: The issue concerns the disabling of SSL/TLS and hostname verification globally for the Jenkins master JVM. This affects the security of the Jenkins master JVM, potentially...

8.2CVSS8.1AI score0.00993EPSS
Exploits0References6
Rows per page
Query Builder