Vulnerabilities in Jenkins Project

1,522 results

CVE-2019-1003075—Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vieEPSS 1.4%CVE-2019-1003069—Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can beEPSS 1.4%CVE-2019-1003063—Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they caEPSS 1.4%CVE-2019-1003070—Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewEPSS 1.4%CVE-2019-1003064—Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vieweEPSS 1.4%CVE-2019-1003056—Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by uEPSS 1.4%CVE-2019-1003067—Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by usersEPSS 1.4%CVE-2019-1003054—Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by uEPSS 1.4%CVE-2019-1003057—Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vieEPSS 1.4%CVE-2019-1003053—Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users withEPSS 1.4%CVE-2019-1003071—Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed EPSS 1.4%CVE-2019-1003073—Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where theEPSS 1.4%CVE-2019-1003068—Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be vieEPSS 1.4%CVE-2019-10342—A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with OverallEPSS 1.4%CVE-2019-10312—A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillToweEPSS 1.4%CVE-2019-10383—A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer EPSS 1.4%CVE-2020-2261—Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to rEPSS 1.4%CVE-2019-10300—A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form vEPSS 1.4%CVE-2019-10333—Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access EPSS 1.4%CVE-2022-34173—In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job displayEPSS 1.4%

← previouspage 14 / 77next →