Lucene search
K
JenkinsRecent

1464 matches found

Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•7 views

XXE vulnerability in cobertura

cobertura 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for the 'Publish Cobertura Coverage Report' post-build step to have Jenkins parse a crafted file that uses external entities for extraction o...

7.1CVSS7.2AI score0.00926EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•5 views

XXE vulnerability in rundeck

rundeck 3.6.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows a user with Overall/Read access to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the Jenkins controller or...

7.1CVSS7.2AI score0.01081EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•7 views

XSS vulnerability in Subversion Release Manager

Subversion Release Manager 1.2 and earlier does not escape the error message for the Repository URL field form validation. This results in a reflected cross-site scripting vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with Job/Configure...

6.1CVSS5.8AI score0.0124EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•6 views

Credentials transmitted in plain text by deployhub

deployhub stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by deployhub 8.0.14 and earlier. These credentials could be viewed by users with Extended Rea...

4.3CVSS5.1AI score0.0064EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•9 views

Arbitrary file write vulnerability in cobertura

cobertura 1.15 and earlier does not validate file paths from the XML file it parses. This allows attackers able to control the coverage report content to overwrite any file on the Jenkins controller file system. cobertura 1.16 sanitizes the file paths to prevent escape from the base directory...

8.5CVSS6.4AI score0.01593EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•11 views

Missing SSH host key validation in mac

mac 1.1.0 and earlier does not use SSH host key validation when connecting to Mac Cloud host launched by the plugin. This lack of validation could be abused using a man-in-the-middle attack to intercept these connections to build agents. mac 1.2.0 validates SSH host keys when connecting to agents...

7.4CVSS7.3AI score0.0057EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•5 views

Sandbox bypass vulnerability in script-security

Sandbox protection in script-security 1.70 and earlier can be circumvented through: Crafted constructor calls and bodies due to an incomplete fix of SECURITY-582 Crafted method calls on objects that implement GroovyInterceptable This allows attackers able to specify and run sandboxed scripts to...

8.8CVSS8.4AI score0.01006EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•7 views

Credentials transmitted in plain text by logstash

logstash stores credentials in its global configuration file jenkins.plugins.logstash.LogstashConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by...

5.3CVSS5.4AI score0.00614EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•7 views

Credentials stored in plain text by zephyr-enterprise-test-management

zephyr-enterprise-test-management 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file com.thed.zephyr.jenkins.reporter.ZeeReporter.xml. This password can be viewed by users with access to the Jenkins controller file system. zephyr-enterprise-test-management...

5.5CVSS5.7AI score0.0033EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•14 views

CSRF vulnerability and missing permission checks in mac

mac 1.1.0 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified SSH host using attacker-specified credentials IDs obtained through another method, capturing credentials...

4.3CVSS4.8AI score0.00811EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•8 views

Credentials transmitted in plain text by repository-connector

repository-connector stores credentials in its global configuration file org.jvnet.hudson.plugins.repositoryconnector.RepositoryConfiguration.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part ...

5.3CVSS5.3AI score0.00614EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•6 views

Credentials transmitted in plain text by quality-gates

quality-gates stores credentials in its global configuration file quality.gates.jenkins.plugin.GlobalConfig.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by...

5.3CVSS5.3AI score0.00736EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•8 views

Credentials stored in plain text by zephyr-for-jira-test-management

zephyr-for-jira-test-management 1.5 and earlier stores Jira credentials unencrypted in its global configuration file com.thed.zephyr.jenkins.reporter.ZfjReporter.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system. As of...

5.5CVSS5.7AI score0.00273EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•6 views

Stored XSS vulnerability in git

git 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. git 4.2.1 escapes the affected part of the error messag...

5.4CVSS5.9AI score0.00853EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•8 views

XSS vulnerability in audit-trail

audit-trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation. This results in a reflected cross-site scripting vulnerability that can also be exploited similar to a stored cross-site scripting vulnerability by users with Overall/Administer permission...

6.1CVSS5.8AI score0.75975EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•14 views

Credentials transmitted in plain text by backlog

backlog stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by backlog 2.4 and earlier. These credentials could be viewed by users with Extended Read...

4.3CVSS5.1AI score0.00646EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•13 views

Credentials transmitted in plain text by sonar-quality-gates

sonar-quality-gates stores credentials in its global configuration file org.quality.gates.jenkins.plugin.GlobalConfig.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration for...

5.3CVSS4.8AI score0.00614EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•8 views

OS command injection in CryptoMove

CryptoMove 0.1.33 and earlier allows the configuration of an OS command to execute as part of its build step configuration. This command will be executed on the Jenkins controller as the OS user account running Jenkins, allowing user with Job/Configure permission to execute an arbitrary OS comman...

9CVSS8.2AI score0.02003EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•7 views

Credentials transmitted in plain text by openshift-deployer

openshift-deployer stores credentials in its global configuration file org.jenkinsci.plugins.openshift.DeployApplication.xml on the Jenkins controller as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration...

5.3CVSS5.3AI score0.00614EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•7 views

RCE vulnerability in Literate

Literate 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability exploitable by users able to provide YAML input files to Literate's build step. As of publication of this advisory, there is no fix...

8.8CVSS8.8AI score0.02867EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•10 views

Credentials transmitted in plain text by skytap

skytap stores credentials in job config.xml files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by skytap 2.07 and earlier. These credentials could be viewed by users with Extended Read...

4.3CVSS5.1AI score0.00511EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/03/09 12:0 a.m.•10 views

CSRF vulnerability and missing permission checks in p4

p4 1.10.10 and earlier does not perform permission checks in several HTTP endpoints. This allows users with Overall/Read access to trigger builds or add labels in the Perforce repository. Additionally, these endpoints do not require POST requests, resulting in a cross-site request forgery CSRF...

4.3CVSS4.9AI score0.00636EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•6 views

Stored XSS vulnerability in brakeman

brakeman 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability. This vulnerability can be exploited by users able to control the Brakeman post-build step input data. brakeman 0.13 escape affected values...

5.4CVSS5.4AI score0.00822EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•12 views

Password stored in plain text by environment-manager

environment-manager 2.14 and earlier stores a repository password unencrypted in job config.xml files as part of its configuration. This credential can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory, there is no...

6.5CVSS6.4AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•8 views

XXE vulnerability in fitnesse

fitnesse 1.30 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller...

8.8CVSS8.1AI score0.0115EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Multiple stored XSS vulnerabilities in git-parameter

git-parameter 0.9.11 and earlier does not correctly escape the parameter name or default value. This results in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. git-parameter 0.9.12 escapes the parameter name and default value shown on the UI...

5.4CVSS5.3AI score0.00735EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•9 views

Stored XSS vulnerability in subversion

subversion 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation. This results in a stored cross-site scripting vulnerability exploitable by users able to specify such base URLs, for example users able to configure Multibranch Pipelines...

5.4CVSS5.7AI score0.0093EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Credential transmitted in plain text by s3

s3 stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by s3 0.11.4 and earlier. This can result in exposure of the credential through browser extensions, cross-site scripting...

7.5CVSS7AI score0.01077EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•11 views

XXE vulnerability in nunit

nunit 0.25 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This allows a user able to control the input files for its post-build step to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller,...

8.8CVSS8.1AI score0.0115EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Client secret transmitted in plain text by azure-ad

azure-ad stores a client secret in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by azure-ad 1.1.2 and earlier. This can result in exposure of the credential through browser extensions, cross-site...

5.3CVSS5.4AI score0.00925EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•5 views

RCE vulnerability in google-kubernetes-engine

google-kubernetes-engine 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability exploitable by users able to provide YAML input files to google-kubernetes-engine's build step...

8.8CVSS8.9AI score0.02745EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•5 views

Password stored in plain text by applatix

applatix 1.1 and earlier stores the Applatix password unencrypted in job config.xml files as part of its configuration. This credential can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

6.5CVSS6.4AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Token stored in plain text by digitalocean-plugin

digitalocean-plugin 1.1 and earlier stores a token unencrypted in the global config.xml files as part of its configuration. This credential can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

4.3CVSS5AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•9 views

Sandbox bypass vulnerability in script-security

Sandbox protection in script-security 1.69 and earlier can be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to imports or by using them inside of other annotations. This affects both script execution typically invoked from other plugins li...

8.8CVSS8.5AI score0.01267EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•14 views

Users with Overall/Read access can enumerate credential IDs in pipeline-githubnotify-step

pipeline-githubnotify-step 1.0.4 and earlier provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs...

4.3CVSS5.1AI score0.00678EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•5 views

RCE vulnerability in radargun

radargun 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types. This results in a remote code execution vulnerability exploitable by users able to configure radargun's build step. radargun 1.8 configures its YAML parser to only instantiate safe types...

8.8CVSS8.9AI score0.02282EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Password stored in plain text by dynamic_extended_choice_parameter

dynamicextendedchoiceparameter 1.0.1 and earlier stores a Subversion password unencrypted in job config.xml files as part of its configuration. This credential can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory,...

4.3CVSS5.1AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Sandbox bypass via default method parameter expression in workflow-cps

Sandbox protection in workflow-cps 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. This allows attackers able to specify and run sandboxed Pipelines to execute arbitrary code in the context of the Jenkins controller JVM. These expressions are...

8.8CVSS8.4AI score0.01267EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

CSRF vulnerability and missing permission checks in pipeline-githubnotify-step allows capturing credentials

pipeline-githubnotify-step 1.0.4 and earlier does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturi...

8.8CVSS6.3AI score0.00678EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•18 views

Credentials stored in plain text by debian-package-builder

debian-package-builder 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system. As of...

4.3CVSS5.1AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•8 views

Password stored in plain text by catalogic-ecx

catalogic-ecx 1.9 and earlier stores a service password unencrypted in job config.xml files as part of its configuration. This credential can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...

4.3CVSS5.1AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•12 views

Passwords stored in plain text by harvest

harvest 0.5.1 and earlier stores SCM passwords unencrypted in its global configuration file hudson.plugins.harvest.HarvestSCM.xml and in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission job config.xml only or access to the...

6.5CVSS6.4AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•11 views

Credential stored in plain text by bmc-rpd

bmc-rpd 1.1 and earlier stores the RPD user token unencrypted in its global configuration file com.bmc.rpd.jenkins.plugin.bmcrpd.configuration.RPDPluginConfiguration.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system. As of...

4.3CVSS5.1AI score0.00691EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/02/12 12:0 a.m.•7 views

Password stored in plain text by eagle-tester

eagle-tester 1.0.9 and earlier stores a password unencrypted in its global configuration file com.bmc.rpd.jenkins.plugin.bmcrpd.configuration.RPDPluginConfiguration.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system. As of...

6.5CVSS6.4AI score0.00852EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•5 views

Inbound TCP Agent Protocol/3 authentication bypass

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier includes support for the Inbound TCP Agent Protocol/3 for communication between controller and agents. While this protocol has been deprecated in 2018 and was recently removed from Jenkins in 2.214, it could still easily be enabled in Jenkins LTS...

8.6CVSS7.7AI score0.01012EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•6 views

Stored XSS vulnerability in code-coverage-api

code-coverage-api 1.1.2 and earlier does not escape the filename of the coverage report used in its view. This results in a stored cross-site scripting vulnerability that can be exploited by users able to change the job configuration. code-coverage-api 1.1.3 escapes the filename of the coverage...

5.4CVSS5.3AI score0.00735EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•6 views

Non-constant time comparison of inbound TCP agent connection secret

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret. Jenkins 2.219, LTS...

5.3CVSS5.6AI score0.01368EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•6 views

Jenkins REST APIs vulnerable to clickjacking

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the X-Frame-Options: deny HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web page that embeds a REST API endpoint in an...

5.4CVSS5.1AI score0.0185EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•6 views

XXE vulnerability in websphere-deployer

websphere-deployer 1.6.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted war file containing a WEB-INF/ibm-web-ext.xml which is parsed by the plugin. As of...

7.6CVSS7.3AI score0.00904EPSS
Exploits0Affected Software1
Jenkins Security Advisories
Jenkins Security Advisories
•added 2020/01/29 12:0 a.m.•8 views

Jenkins vulnerable to UDP amplification reflection attack

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier supports two network discovery services UDP multicast/broadcast and DNS multicast by default. The UDP multicast/broadcast service can be used in an amplification reflection attack, as very few bytes sent to the respective endpoint result in much...

5.8CVSS6AI score0.03443EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1464