|
222871
|
7.2 |
HIGH
Network
|
centreon
|
centreon_web
|
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location setting…
|
NVD-CWE-noinfo
|
CVE-2019-16405
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222872
|
8.8 |
HIGH
Network
|
jenkins
|
google_compute_engine
|
A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents.
|
CWE-352
Origin Validation Error
|
CVE-2019-16548
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222873
|
4.3 |
MEDIUM
Network
|
jenkins
|
google_compute_engine
|
Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugi…
|
CWE-862
Missing Authorization
|
CVE-2019-16547
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222874
|
5.9 |
MEDIUM
Network
|
jenkins
|
google_compute_engine
|
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-16546
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222875
|
6.5 |
MEDIUM
Network
|
qmetry
|
jenkins_qmetry_for_jira
|
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-16545
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222876
|
8.8 |
HIGH
Network
|
qmetry
|
jenkins_qmetry_for_jira
|
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read per…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-16544
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222877
|
5.5 |
MEDIUM
Local
|
jenkins
|
spira_importer
|
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-16543
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222878
|
6.5 |
MEDIUM
Network
|
jenkins
|
anchore_container_image_scanner
|
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read per…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-16542
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222879
|
9.9 |
CRITICAL
Network
|
jenkins
|
jira
|
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-16541
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222880
|
6.5 |
MEDIUM
Network
|
jenkins
|
support_core
|
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.
|
CWE-22
Path Traversal
|
CVE-2019-16540
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
