CVE-2019-10423
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Source: CVE-2019-10423
CVE-2019-10418
Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
Source: CVE-2019-10418
CVE-2019-10412
Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Source: CVE-2019-10412
CVE-2019-10414
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Source: CVE-2019-10414
CVE-2019-10417
Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
Source: CVE-2019-10417
CVE-2019-10410
Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules.
Source: CVE-2019-10410
CVE-2019-10413
Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Source: CVE-2019-10413
CVE-2019-10421
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Source: CVE-2019-10421
CVE-2019-10415
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Source: CVE-2019-10415
CVE-2019-10416
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
Source: CVE-2019-10416