Lucene search
+L
JenkinsCredentials

4 matches found

CVE
CVE
added 2022/04/12 12:0 a.m.241 views

CVE-2022-29036

CVE-2022-29036 affects Jenkins Credentials Plugin (versions including 1111.v35a_307992395 and earlier, with some exceptions) by failing to escape the name/description of Credentials parameters on views that display them, enabling stored XSS for attackers with Item/Configure permission. Exploitati...

5.4CVSS5.2AI score0.7855EPSS
CVE
CVE
added 2021/05/11 2:15 p.m.135 views

CVE-2021-21648

CVE-2021-21648 affects Jenkins Credentials Plugin; versions 2.3.18 and earlier do not escape user-controlled information on a view, causing a reflected XSS. Impact and exact exploitation details are not expanded in the provided documents beyond this description. Remediation known from related adv...

6.1CVSS5.8AI score0.11308EPSS
CVE
CVE
added 2024/10/02 3:35 p.m.134 views

CVE-2024-47805

CVE-2024-47805 affects Jenkins Credentials Plugin and does not redact encrypted values of credentials using the SecretBytes type in item config.xml accessed via REST API or CLI. Vulnerable versions include 1380.va_435002fa_924 and earlier, with some exceptions (e.g., 1371.1373.v4eb_fa_b_7161e9). ...

7.5CVSS7AI score0.00591EPSS
CVE
CVE
added 2019/05/21 1:0 p.m.92 views

CVE-2019-10320

CVE-2019-10320 affects Jenkins Credentials Plugin (versions ≤ 2.1.18). An authenticated user with credential-management permission could confirm the existence of files on the Jenkins master via an attacker-controlled path, and read PKCS#12 certificate content from those files. This is a file-read...

4.3CVSS4.6AI score0.00969EPSS