jenkins credentials vulnerabilities and exploits
6
CVSSv2
CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and previous versions allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
Jenkins Cloudbees Aws Credentials 1.32
Jenkins Cloudbees Aws Credentials
4.3
CVSSv2
CVE-2021-21648
Jenkins Credentials Plugin 2.3.18 and previous versions does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
Jenkins Credentials
4
CVSSv2
CVE-2019-10320
Jenkins Credentials Plugin 2.1.18 and previous versions allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certific...
Jenkins Credentials
3.5
CVSSv2
CVE-2022-29036
Jenkins Credentials Plugin 1111.v35a_307992395 and previous versions, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scri...
Jenkins Credentials
4
CVSSv2
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and previous versions does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
Jenkins Credentials Binding
4
CVSSv2
CVE-2018-1000057
Jenkins Credentials Binding Plugin 1.14 and previous versions masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values different from but s...
Jenkins Credentials Binding
4
CVSSv2
CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and previous versions does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
Jenkins Credentials Binding
4
CVSSv2
CVE-2018-1000601
An arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and previous versions in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master ...
Jenkins Ssh Credentials
4
CVSSv2
CVE-2022-20616
Jenkins Credentials Binding Plugin 1.27 and previous versions does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip fi...
Jenkins Credentials Binding
NA
CVE-2023-25766
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Azure Credentials