4 matches found
CVE-2022-29036
CVE-2022-29036 affects Jenkins Credentials Plugin (versions including 1111.v35a_307992395 and earlier, with some exceptions) by failing to escape the name/description of Credentials parameters on views that display them, enabling stored XSS for attackers with Item/Configure permission. Exploitati...
CVE-2021-21648
CVE-2021-21648 affects Jenkins Credentials Plugin; versions 2.3.18 and earlier do not escape user-controlled information on a view, causing a reflected XSS. Impact and exact exploitation details are not expanded in the provided documents beyond this description. Remediation known from related adv...
CVE-2024-47805
CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...
CVE-2019-10320
CVE-2019-10320 affects Jenkins Credentials Plugin (versions ≤ 2.1.18). An authenticated user with credential-management permission could confirm the existence of files on the Jenkins master via an attacker-controlled path, and read PKCS#12 certificate content from those files. This is a file-read...