CVE-2019-10426
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Source: CVE-2019-10426
[월:] 2019년 09월
CVE-2019-10424
CVE-2019-10424
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Source: CVE-2019-10424
CVE-2019-10411
CVE-2019-10411
Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Source: CVE-2019-10411
CVE-2019-10419
CVE-2019-10419
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Source: CVE-2019-10419
CVE-2019-10420
CVE-2019-10420
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Source: CVE-2019-10420
CVE-2019-10405
CVE-2019-10405
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.
Source: CVE-2019-10405
CVE-2019-10409
CVE-2019-10409
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
Source: CVE-2019-10409
CVE-2019-10401
CVE-2019-10401
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).
Source: CVE-2019-10401
CVE-2019-10408
CVE-2019-10408
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
Source: CVE-2019-10408
CVE-2019-10407
CVE-2019-10407
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Source: CVE-2019-10407