Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
publisher vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-1003059
A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Jenkins Ftp Publisher
4
CVSSv2
CVE-2019-1003067
Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Trac Publisher
5
CVSSv2
CVE-2020-2114
Jenkins S3 publisher Plugin 0.11.4 and previous versions transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Jenkins S3 Publisher
10
CVSSv2
CVE-2007-1117
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote malicious users to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable i...
Microsoft Publisher 2007
NA
CVE-2023-28682
Jenkins Performance Publisher Plugin 8.09 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Performance Publisher
4
CVSSv2
CVE-2021-21651
Jenkins S3 publisher Plugin 0.11.6 and previous versions does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.
Jenkins S3 Publisher
4
CVSSv2
CVE-2018-1000175
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Jenkins Html Publisher
3.5
CVSSv2
CVE-2018-1000177
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that wou...
Jenkins S3 Publisher
2.1
CVSSv2
CVE-2019-10426
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Gem Publisher
2.1
CVSSv2
CVE-2017-1000387
Jenkins Build-Publisher plugin version 1.21 and previous versions stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with loca...
Jenkins Build-publisher
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »