CVEdetails.com the ultimate security vulnerability data source

Jenkins : Security Vulnerabilities (CVSS score between 4 and 4.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 151 | CVE-2019-1003090 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 152 | CVE-2019-1003089 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 153 | CVE-2019-1003088 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 154 | CVE-2019-1003087 | 862 | | | 2019-04-04 | 2020-07-15 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 155 | CVE-2019-1003086 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 156 | CVE-2019-1003085 | 862 | | | 2019-04-04 | 2020-07-15 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 157 | CVE-2019-1003084 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 158 | CVE-2019-1003083 | 862 | | | 2019-04-04 | 2020-07-15 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 159 | CVE-2019-1003082 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 160 | CVE-2019-1003081 | 862 | | | 2019-04-04 | 2020-07-15 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 161 | CVE-2019-1003080 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 162 | CVE-2019-1003079 | 862 | | | 2019-04-04 | 2020-07-15 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 163 | CVE-2019-1003078 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 164 | CVE-2019-1003077 | 862 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 165 | CVE-2019-1003076 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server. |
| 166 | CVE-2019-1003075 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 167 | CVE-2019-1003074 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 168 | CVE-2019-1003073 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 169 | CVE-2019-1003072 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 170 | CVE-2019-1003071 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 171 | CVE-2019-1003070 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 172 | CVE-2019-1003069 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 173 | CVE-2019-1003068 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 174 | CVE-2019-1003067 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 175 | CVE-2019-1003066 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 176 | CVE-2019-1003065 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 177 | CVE-2019-1003064 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 178 | CVE-2019-1003063 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 179 | CVE-2019-1003062 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 180 | CVE-2019-1003061 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 181 | CVE-2019-1003060 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 182 | CVE-2019-1003059 | 862 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 183 | CVE-2019-1003058 | 352 | | CSRF | 2019-04-04 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. |
| 184 | CVE-2019-1003057 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 185 | CVE-2019-1003056 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 186 | CVE-2019-1003055 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 187 | CVE-2019-1003054 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 188 | CVE-2019-1003053 | 311 | | | 2019-04-04 | 2020-09-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 189 | CVE-2019-1003052 | 311 | | | 2019-04-04 | 2020-08-31 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 190 | CVE-2019-1003051 | 311 | | | 2019-04-04 | 2020-08-31 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| 191 | CVE-2019-1003047 | 862 | | | 2019-03-28 | 2020-09-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| 192 | CVE-2019-1003046 | 352 | | CSRF | 2019-03-28 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. |
| 193 | CVE-2019-1003039 | 522 | | | 2019-03-08 | 2020-09-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An insufficiently protected credentials vulnerability exists in Jenkins AppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without the permission required to obtain passwords configured in jobs to obtain them. |
| 194 | CVE-2019-1003037 | 862 | | | 2019-03-08 | 2020-09-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| 195 | CVE-2019-1003036 | 862 | | | 2019-03-08 | 2020-09-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. |
| 196 | CVE-2019-1003035 | 862 | | +Info | 2019-03-08 | 2020-09-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration. |
| 197 | CVE-2019-1003028 | 918 | | | 2019-02-20 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. |
| 198 | CVE-2019-1003027 | 918 | | | 2019-02-20 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | Partial | None | None | A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and the exception error message otherwise. |
| 199 | CVE-2019-1003026 | 918 | | | 2019-02-20 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. |
| 200 | CVE-2019-1003025 | 862 | | +Info | 2019-02-20 | 2020-09-29 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
Total number of vulnerabilities: 442 (page 4 of 9)