|
223441
|
5.9 |
MEDIUM
Network
|
jenkins
|
google_compute_engine
|
Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2019-16546
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223442
|
6.5 |
MEDIUM
Network
|
qmetry
|
jenkins_qmetry_for_jira
|
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2019-16545
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223443
|
8.8 |
HIGH
Network
|
qmetry
|
jenkins_qmetry_for_jira
|
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read per…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-16544
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223444
|
5.5 |
MEDIUM
Local
|
jenkins
|
spira_importer
|
Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-16543
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223445
|
6.5 |
MEDIUM
Network
|
jenkins
|
anchore_container_image_scanner
|
Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read per…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2019-16542
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223446
|
9.9 |
CRITICAL
Network
|
jenkins
|
jira
|
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-16541
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223447
|
6.5 |
MEDIUM
Network
|
jenkins
|
support_core
|
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.
|
CWE-22
Path Traversal
|
CVE-2019-16540
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223448
|
6.5 |
MEDIUM
Network
|
jenkins
|
support_core
|
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2019-16539
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223449
|
8.8 |
HIGH
Network
|
jenkins
|
script_security
|
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in s…
|
CWE-863
Incorrect Authorization
|
CVE-2019-16538
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
223450
|
9.8 |
CRITICAL
Network
|
linksys
|
velop_whw0303_firmware
velop_whw0302_firmware
velop_whw0301_firmware
|
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2019-16340
|
2024-11-21 13:30 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
