Filtered by vendor Jenkins
Subscribe
Search
Total
1277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16541 | 1 Jenkins | 1 Jira | 2019-12-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | |||||
| CVE-2019-16542 | 1 Jenkins | 1 Anchore Container Image Scanner | 2019-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-16543 | 1 Jenkins | 1 Spira Importer | 2019-12-03 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2018-1000426 | 1 Jenkins | 1 Git Changelog | 2019-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages. | |||||
| CVE-2019-16539 | 1 Jenkins | 1 Support Core | 2019-11-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. | |||||
| CVE-2019-16540 | 1 Jenkins | 1 Support Core | 2019-11-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | |||||
| CVE-2019-16546 | 1 Jenkins | 1 Google Compute Engine | 2019-11-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | |||||
| CVE-2019-16548 | 1 Jenkins | 1 Google Compute Engine | 2019-11-22 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. | |||||
| CVE-2012-4438 | 1 Jenkins | 1 Jenkins | 2019-11-20 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. | |||||
| CVE-2012-4439 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins. | |||||
| CVE-2012-4440 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin. | |||||
| CVE-2012-4441 | 1 Jenkins | 1 Jenkins | 2019-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin. | |||||
| CVE-2019-10475 | 1 Jenkins | 1 Build-metrics | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | |||||
| CVE-2019-10440 | 1 Jenkins | 1 Neoload | 2019-10-30 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2019-10-30 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2016-3101 | 1 Jenkins | 1 Extra Columns | 2019-10-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter. | |||||
| CVE-2016-4986 | 1 Jenkins | 1 Tap | 2019-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | |||||
| CVE-2016-4987 | 1 Jenkins | 1 Image Gallery | 2019-10-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields. | |||||
| CVE-2016-4988 | 1 Jenkins | 1 Build Failure Analyzer | 2019-10-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | |||||
| CVE-2019-10459 | 1 Jenkins | 1 Mattermost Notification | 2019-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10462 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2019-10-25 | 6.8 MEDIUM | 8.1 HIGH |
| A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10463 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2019-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10466 | 1 Jenkins | 1 360 Fireline | 2019-10-25 | 5.5 MEDIUM | 8.1 HIGH |
| An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2019-10468 | 1 Jenkins | 1 Kubernetes Ci | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10469 | 1 Jenkins | 1 Kubernetes Ci | 2019-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10470 | 1 Jenkins | 1 Kubernetes Ci | 2019-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10472 | 1 Jenkins | 1 Libvirt Slaves | 2019-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10473 | 1 Jenkins | 1 Libvirt Slaves | 2019-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2019-10474 | 1 Jenkins | 1 Global Post Script | 2019-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | |||||
| CVE-2019-10465 | 1 Jenkins | 1 Deploy Weblogic | 2019-10-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | |||||
| CVE-2019-10471 | 1 Jenkins | 1 Libvirt Slaves | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Libvirt Slaves Plugin allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10464 | 1 Jenkins | 1 Deploy Weblogic | 2019-10-24 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | |||||
| CVE-2019-10461 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2019-10-24 | 2.1 LOW | 7.8 HIGH |
| Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10460 | 1 Jenkins | 1 Bitbucket Oauth | 2019-10-24 | 2.1 LOW | 7.8 HIGH |
| Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10476 | 1 Jenkins | 1 Zulip | 2019-10-24 | 2.1 LOW | 7.8 HIGH |
| Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10467 | 1 Jenkins | 1 Sonar Gerrit | 2019-10-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10437 | 1 Jenkins | 1 Crx Content Package Deployer | 2019-10-23 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2019-10-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10441 | 1 Jenkins | 1 Icescrum | 2019-10-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10447 | 1 Jenkins | 1 Sofy.ai | 2019-10-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2019-10-18 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2019-10-18 | 2.1 LOW | 3.3 LOW |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2019-10-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10453 | 1 Jenkins | 1 Delphix | 2019-10-18 | 2.1 LOW | 7.8 HIGH |
| Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10446 | 1 Jenkins | 1 Cadence Vmanager | 2019-10-18 | 6.4 MEDIUM | 8.2 HIGH |
| Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10448 | 1 Jenkins | 1 Extensive Testing | 2019-10-18 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10444 | 1 Jenkins | 1 Bumblebee Hp Alm | 2019-10-18 | 6.4 MEDIUM | 6.5 MEDIUM |
| Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | |||||
| CVE-2019-10454 | 1 Jenkins | 1 Rundeck | 2019-10-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10456 | 1 Jenkins | 1 Oracle Cloud Infrastructure Compute Classic | 2019-10-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2019-10398 | 1 Jenkins | 1 Beaker Builder | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||