Vulnerabilities (CVE)

Vendor: Jenkins

410 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10320 1 Jenkins 1 Credentials 2019-05-24 4.0
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files...
CVE-2019-10319 1 Jenkins 1 Pluggable Authentication Module 2019-05-24 4.0
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the...
CVE-2017-1000244 1 Jenkins 2 Favorite Plugin, Favorite 2019-05-22 6.8
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification.
CVE-2016-9299 2 Jenkins, Fedoraproject 2 Jenkins, Fedora 2019-05-22 7.5
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
CVE-2019-1003000 2 Jenkins, Redhat 2 Script Security, Openshift Container Platform 2019-05-17 6.5
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to...
CVE-2019-1003078 1 Jenkins 1 Vmware Lab Manager Slaves 2019-05-13 4.3
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003093 1 Jenkins 1 Nomad 2019-05-10 4.0
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003096 1 Jenkins 1 Testfairy 2019-05-10 4.0
Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003089 1 Jenkins 1 Upload To Pgyer 2019-05-10 4.0
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003088 1 Jenkins 1 Fabric Beta Publisher 2019-05-10 4.0
Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003085 1 Jenkins 1 Zephyr Enterprise Test Management 2019-05-10 4.0
A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003083 1 Jenkins 1 Gearman 2019-05-10 4.0
A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003081 1 Jenkins 1 Openshift Deployer 2019-05-10 4.0
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an...
CVE-2019-1003079 1 Jenkins 1 Vmware Lab Manager Slaves 2019-05-10 4.0
A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003077 1 Jenkins 1 Audit To Database 2019-05-10 4.0
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003074 1 Jenkins 1 Hyper.sh Commons 2019-05-10 4.0
Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-1003067 1 Jenkins 1 Trac Publisher 2019-05-10 4.0
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003056 1 Jenkins 1 Websphere Deployer 2019-05-10 4.0
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003053 1 Jenkins 1 Hockeyapp 2019-05-10 4.0
Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-1003052 1 Jenkins 1 Aws Elastic Beanstalk Publisher 2019-05-10 4.0
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.