1464 matches found
zulip stored credentials in plain text
zulip stored a credential unencrypted in its global configuration file jenkins.plugins.zulip.ZulipNotifier.xml, as well as in the legacy configuration file hudson.plugins.humbug.HumbugNotifier.xml on the Jenkins controller. This credential could be viewed by users with access to the Jenkins...
Users with Overall/Read access could enumerate credential IDs in kubernetes-ci
kubernetes-ci provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of a...
Users with Overall/Read access could enumerate credential IDs in libvirt-slave
libvirt-slave provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of a...
Reflected XSS vulnerability in build-metrics
build-metrics does not properly escape the label query parameter, resulting in a reflected cross-site scripting vulnerability. As of publication of this advisory, there is no fix...
Users with Overall/Read access could enumerate credential IDs in crx-content-package-deployer
crx-content-package-deployer provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality did not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be...
icescrum stored credentials in plain text
icescrum stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission or access to the Jenkins controller file system. icescrum 1.1.5 and newer now stores these credentials encrypted...
cloudtest stores API token in plain text
cloudtest stores credentials unencrypted in its global configuration file com.soasta.jenkins.CloudTestServer.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there is no fix...
CSRF vulnerability and missing permission check in crx-content-package-deployer allowed capturing credentials
crx-content-package-deployer did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials...
CSRF vulnerability and missing permission check in icescrum
icescrum did not perform permission checks on a method implementing form validation. This allowed users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified access token or username and password. Additionally, the form validatio...
Script sandbox bypass vulnerability in Puppet Enterprise Pipeline
Puppet Enterprise Pipeline defines a custom list of pre-approved signatures for all scripts protected by the Script Security sandbox. This custom list of pre-approved signatures allows the use of methods that can be used to bypass Script Security sandbox protection. This results in arbitrary code...
elasticbox stores access token in plain text
elasticbox stores an access token unencrypted in the global config.xml configuration file on the Jenkins controller. This token can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there is no fix...
Arbitrary file read vulnerability in google-oauth-plugin
google-oauth-plugin allowed the creation of credentials based on the content of files on the Jenkins controller through a feature retaining backwards compatibility with earlier plugin releases. This allowed users with the permission to configure jobs and credentials to read arbitrary files on the...
neoload-jenkins-plugin stored credentials in plain text
neoload-jenkins-plugin stored credentials unencrypted in its global configuration file org.jenkinsci.plugins.neoload.integration.NeoGlobalConfig.xml and in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission or access to the...
bumblebee unconditionally disabled SSL/TLS certificate validation
bumblebee unconditionally disabled SSL/TLS certificate validation for connections to the HP ALM service. bumblebee no longer does that. Instead, it now allows users to opt out of certificate validation...
Missing permission checks in google-kubernetes-engine allowed validating and obtaining data
Missing permission checks in google-kubernetes-engine allowed users with Overall/Read permission to obtain limited information about the scope and access of a credential with an attacker-specified credential ID obtained through another method. google-kubernetes-engine now requires Job/Configure...
vmanager-plugin globally and unconditionally disabled SSL/TLS certificate validation
vmanager-plugin unconditionally disabled SSL/TLS certificate validation for the entire Jenkins controller JVM. vmanager-plugin no longer does that. Instead, it now has an opt-in option to ignore SSL/TLS errors for its connections...
sofy-ai stores API token in plain text
sofy-ai stores an API token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...
extensivetesting stores credentials in plain text
extensivetesting stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...
fortify-on-demand-uploader stores credentials in plain text
fortify-on-demand-uploader stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...
view26 stores access token in plain text
view26 stores an access token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission or access to the Jenkins controller file system. As of publication of this advisory there is no fix...
delphix stores credentials in plain text
delphix stores credentials unencrypted in its global configuration file io.jenkins.plugins.delphix.GlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system. As of publication of this advisory there is no fix...
CSRF vulnerability and missing permission check in rundeck
rundeck does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally, the form validation method does not...
CSRF vulnerability and missing permission check in oracle-cloud-infrastructure-compute-classic
oracle-cloud-infrastructure-compute-classic does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to initiate a connection test to an attacker-specified server with attacker-specified username and password. Additionally,...
Stored XSS vulnerability in htmlpublisher
htmlpublisher did not escape the project or build display name shown in the frame HTML page. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the project or build display name, typically users with Job/Configure or Build/Update permission. htmlpublish...
dingding-notifications stores credentials in plain text
dingding-notifications stores an access token unencrypted in job config.xml files on the Jenkins controller. This token can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
ldapemail shows plain text password in configuration form
ldapemail stores an LDAP bind password in its global Jenkins configuration. While the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form. This can result in exposure of the password through browser extensions, cross-site scripting...
vault-scm-plugin shows plain text password in configuration form
vault-scm-plugin stores an SCM password in job configurations. While the password is stored encrypted on disk, it is transmitted in plain text as part of the configuration form. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and simil...
Sandbox bypass vulnerability in script-security
Sandbox protection in script-security could be circumvented through default parameter expressions in constructors. This allowed attackers able to specify and run sandboxed scripts to execute arbitrary code in the context of the Jenkins controller JVM. These expressions are now subject to sandbox...
XSS vulnerability in Jenkins URL setting
Jenkins did not validate or otherwise limit the possible values administrators could specify as Jenkins root URL. This resulted in a cross-site scripting vulnerability exploitable by users with Overall/Administer permission. Jenkins now prevents values other than HTTP/HTTPS URLs from being set as...
project-inheritance showed secret environment variables defined in Mask Passwords Plugin
Mask Passwords Plugin allows users to define secret environment variables typically passwords to be passed to builds, both globally, and for specific jobs. These environment variables are expected to not be shown. project-inheritance showed the variable values on its Full Build Flow view and...
aqua-security-scanner showed plain text password in configuration form
aqua-security-scanner stores a password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site scripting...
git-changelog stored credentials in plain text
git-changelog stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. git-changelog now stores these passwords encrypted. Existing jo...
gitlab-logo stored credentials in plain text
gitlab-logo stored a private token unencrypted in its global configuration file org.jenkinsci.plugins.gitlablogo.GitlabLogoProperty.xml on the Jenkins controller. This token could be viewed by users with access to the Jenkins controller file system. gitlab-logo now stores the token encrypted...
violation-comments-to-gitlab stored credentials in plain text
violation-comments-to-gitlab stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or acces...
application-director-plugin stores credentials in plain text
application-director-plugin stores the Application Director password unencrypted in its global configuration file jfullam.vfabric.jenkins.plugin.ApplicationDirectorPostBuildDeployer.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file...
assembla stores credentials in plain text
assembla stores the Assembla password unencrypted in its global configuration file jenkins.plugin.assembla.AssemblaProjectProperty.xml on the Jenkins controller. This password can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no...
call-remote-job-plugin stores credentials in plain text
call-remote-job-plugin stores a password unencrypted in job config.xml files on the Jenkins controller. This password can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
CodeScan stores credentials in plain text
CodeScan stores an API key unencrypted in its global configuration file com.villagechief.codescan.jenkins.CodeScanBuilder.xml on the Jenkins controller. This API key can be viewed by users with access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
gcal stores credentials in plain text
gcal stores a calendar password unencrypted in job config.xml files on the Jenkins controller. This password can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
Stored XSS vulnerability in expandable textbox form control
Jenkins form controls include an expandable textbox that can transform from a single-line text box to a multi-line text area. The implementation of this transformation interpreted the text content of the form field as HTML. This resulted in a cross-site scripting vulnerability exploitable by...
Stored XSS vulnerability in SCM tag action tooltip
Jenkins did not escape the tag name on the tooltip for tag actions shown in the build history. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the SCM tag name for these actions. Jenkins now escapes the SCM tag action...
Diagnostic web page exposed Cookie HTTP header
Jenkins shows various technical information about the current user on the /whoAmI URL. The information shown includes HTTP request headers. This allowed attackers able to exploit another cross-site scripting vulnerability to obtain the Cookie header's value even if the HttpOnly flag would prevent...
CSRF vulnerability and missing permission check in project-inheritance
project-inheritance allows the creation of projects based on templates defined in the plugin configuration. A missing permission check in the HTTP endpoint triggering project creation allowed users with Overall/Read permission to create these projects. Additionally, the HTTP endpoint did not...
Stored XSS vulnerability in log-parser
log-parser did not escape an error message shown when log parsing patterns are invalid. This resulted in a persisted cross-site scripting vulnerability exploitable by attackers able to control the log parsing rules configuration, typically users with Job/Configure permission. Jenkins applies the...
aqua-microscanner showed plain text credential in configuration form
aqua-microscanner stores a token credential in its global Jenkins configuration. While the token is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the token through browser extensions, cross-site scripting...
inedo-buildmaster showed plain text password in configuration form
inedo-buildmaster stores a service password in its global Jenkins configuration. While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site scripting...
datatheorem-mobile-app-security stored credentials in plain text
datatheorem-mobile-app-security stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. datatheorem-mobile-app-security now stores the proxy passwo...
Script sandbox bypass vulnerability in Kubernetes Pipeline - Kubernetes Steps Plugin
Kubernetes Pipeline - Kubernetes Steps Plugin defines a custom list of pre-approved signatures for all scripts protected by the Script Security sandbox. This custom list of pre-approved signatures allows the use of methods that can be used to bypass Script Security sandbox protection. This result...
azure-event-grid-notifier stores credentials in plain text
azure-event-grid-notifier stores the Azure Event Grid secret key unencrypted in job config.xml files on the Jenkins controller. This key can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. As of publication of this advisory, there is no fix...
XSS vulnerability in combobox form control
Jenkins interpreted items added to f:combobox form controls as HTML. This resulted in a cross-site scripting vulnerability exploitable by attackers able to control the contents of f:combobox form controls. Jenkins no longer interprets items added to a combobox as HTML. NOTE ====== This might be a...