Total
1025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1003045 | 1 Trustsource | 1 Ecs Publisher | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration. | |||||
| CVE-2019-1003039 | 1 Jenkins | 1 Appdynamics | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. | |||||
| CVE-2019-10426 | 1 Jenkins | 1 Gem Publisher | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10413 | 1 Jenkins | 1 Data Theorem Mobile App Security | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2130 | 1 Jenkins | 1 Harvest Scm | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2019-10361 | 1 Jenkins | 1 M2release | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2019-10286 | 1 Jenkins | 1 Deployhub | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10345 | 1 Jenkins | 1 Configuration As Code | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. | |||||
| CVE-2019-10284 | 1 Jenkins | 1 Diawi Upload | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2127 | 1 Jenkins | 1 Bmc Release Package And Deployment | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10302 | 1 Jenkins | 1 Jira-ext | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | |||||
| CVE-2020-2209 | 1 Jenkins | 1 Testcomplete Support | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2095 | 1 Jenkins | 1 Redgate Sql Change Automation | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10414 | 1 Jenkins | 1 Git Changelog | 2023-10-25 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10285 | 1 Jenkins | 1 Minio Storage | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2020-2218 | 1 Hp Application Lifecycle Management Quality Center Project | 1 Hp Application Lifecycle Management Quality Center | 2023-10-25 | 2.1 LOW | 3.3 LOW |
| Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2019-10422 | 1 Jenkins | 1 Call Remote Job | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2165 | 1 Jfrog | 1 Artifactory | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10280 | 1 Jenkins | 1 Assembla Auth | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||