CVE-2019-10358
Jenkins Maven Integration Plugin 3.3 and earlier did not apply build log decorators to module builds, potentially revealing sensitive build variables in the build log.
Source: CVE-2019-10358
CVE-2019-10359
A cross-site request forgery vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier in the M2ReleaseAction#doSubmit method allowed attackers to perform releases with attacker-specified options.
Source: CVE-2019-10359
CVE-2019-10343
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.
Source: CVE-2019-10343
CVE-2019-10361
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.
Source: CVE-2019-10361
CVE-2019-10360
A stored cross-site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
Source: CVE-2019-10360
CVE-2019-10364
Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.
Source: CVE-2019-10364
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values when exporting, resulting in variable interpolation during configuration import and allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables.
Source: CVE-2019-10362
CVE-2019-10363
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.
Source: CVE-2019-10363
CVE-2019-14361
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-14439. Reason: This candidate is a reservation duplicate of CVE-2019-14439. Notes: All CVE users should reference CVE-2019-14439 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2019-14361
CVE-2019-14452
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
Source: CVE-2019-14452