|
200801
|
6.5 |
MEDIUM
Network
|
jenkins
|
harvest_scm
|
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2130
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200802
|
6.5 |
MEDIUM
Network
|
jenkins
|
eagle_tester
|
Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file syste…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2129
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200803
|
4.3 |
MEDIUM
Network
|
jenkins
|
ecx_copy_data_management
|
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or a…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2128
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200804
|
4.3 |
MEDIUM
Network
|
jenkins
|
bmc_release_package_and_deployment
|
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2127
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200805
|
4.3 |
MEDIUM
Network
|
jenkins
|
digitalocean
|
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2126
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200806
|
4.3 |
MEDIUM
Network
|
jenkins
|
debian_package_builder
|
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2125
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200807
|
4.3 |
MEDIUM
Network
|
jenkins
|
dynamic_extended_choice_parameter
|
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permi…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2124
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200808
|
8.8 |
HIGH
Network
|
jenkins
|
radargun
|
Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2123
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200809
|
5.4 |
MEDIUM
Network
|
jenkins
|
brakeman
|
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2122
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200810
|
8.8 |
HIGH
Network
|
jenkins
|
google_kubernetes_engine
|
Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
NVD-CWE-noinfo
|
CVE-2020-2121
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
