Total
1013 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2023-10-25 | 4.3 Medium |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2020-2119 | 1 Jenkins | 1 Azure Ad | 2023-10-25 | 5.3 Medium |
| Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2114 | 1 Jenkins | 1 S3 Publisher | 2023-10-25 | 7.5 High |
| Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2107 | 1 Jenkins | 1 Fortify | 2023-10-25 | 4.3 Medium |
| Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2020-2095 | 1 Jenkins | 1 Redgate Sql Change Automation | 2023-10-25 | 4.3 Medium |
| Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16572 | 1 Jenkins | 1 Weibo | 2023-10-25 | 5.5 Medium |
| Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2023-10-25 | 6.5 Medium |
| Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2023-10-25 | 6.5 Medium |
| Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16544 | 1 Qmetry | 1 Jenkins Qmetry For Jira | 2023-10-25 | 8.8 High |
| Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-16543 | 1 Jenkins | 1 Spira Importer | 2023-10-25 | 5.5 Medium |
| Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-16542 | 1 Jenkins | 1 Anchore Container Image Scanner | 2023-10-25 | 6.5 Medium |
| Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10476 | 1 Jenkins | 1 Zulip | 2023-10-25 | 7.8 High |
| Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10467 | 1 Jenkins | 1 Sonar Gerrit | 2023-10-25 | 6.5 Medium |
| Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10461 | 1 Jenkins | 1 Dynatrace Application Monitoring | 2023-10-25 | 7.8 High |
| Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10460 | 1 Jenkins | 1 Bitbucket Oauth | 2023-10-25 | 7.8 High |
| Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | ||||
| CVE-2019-10459 | 1 Jenkins | 1 Mattermost Notification | 2023-10-25 | 6.5 Medium |
| Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10448 | 1 Jenkins | 1 Extensive Testing | 2023-10-25 | 8.8 High |
| Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2019-10429 | 1 Jenkins | 1 Gitlab Logo | 2023-10-25 | 5.5 Medium |
| Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10426 | 1 Jenkins | 1 Gem Publisher | 2023-10-25 | 5.5 Medium |
| Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||||
| CVE-2019-10425 | 1 Jenkins | 1 Google Calendar | 2023-10-25 | 6.5 Medium |
| Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||||