|
199951
|
5.5 |
MEDIUM
Local
|
jenkins
|
zephyr_for_jira_test_management
|
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-2154
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199952
|
4.3 |
MEDIUM
Network
|
jenkins
|
backlog
|
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2153
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199953
|
6.1 |
MEDIUM
Network
|
jenkins
|
subversion_release_manager
|
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2152
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199954
|
5.3 |
MEDIUM
Network
|
jenkins
|
quality_gates
|
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2151
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199955
|
5.3 |
MEDIUM
Network
|
jenkins
|
sonar_quality_gates
|
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2150
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199956
|
5.3 |
MEDIUM
Network
|
jenkins
|
repository_connector
|
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2149
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199957
|
4.3 |
MEDIUM
Network
|
jenkins
|
mac
|
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2148
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199958
|
4.3 |
MEDIUM
Network
|
jenkins
|
mac
|
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
|
CWE-352
Origin Validation Error
|
CVE-2020-2147
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199959
|
7.4 |
HIGH
Network
|
jenkins
|
mac
|
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2020-2146
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199960
|
5.5 |
MEDIUM
Local
|
jenkins
|
zephyr_enterprise_test_management
|
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2145
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
