|
249641
|
7.8 |
HIGH
Local
|
sonarsource
|
sonarqube_scanner
|
An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtai…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-1000425
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249642
|
7.8 |
HIGH
Local
|
jfrog
|
artifactory
|
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-1000424
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249643
|
7.8 |
HIGH
Local
|
atlassian
|
crowd2
|
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers w…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-1000423
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249644
|
6.5 |
MEDIUM
Network
|
atlassian
|
crowd2
|
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, conn…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-1000422
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249645
|
6.5 |
MEDIUM
Network
|
apache
|
mesos
|
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacke…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-1000421
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249646
|
6.5 |
MEDIUM
Network
|
apache
|
mesos
|
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials s…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000420
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249647
|
6.5 |
MEDIUM
Network
|
atlassian
|
hipchat
|
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credent…
|
NVD-CWE-noinfo
|
CVE-2018-1000419
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249648
|
8.8 |
HIGH
Network
|
atlassian
|
hipchat
|
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an atta…
|
CWE-863
Incorrect Authorization
|
CVE-2018-1000418
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249649
|
8.1 |
HIGH
Network
|
jenkins
|
email_extension_template
|
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.
|
CWE-352
Origin Validation Error
|
CVE-2018-1000417
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249650
|
6.1 |
MEDIUM
Network
|
jobconfighistory_project
|
jobconfighistory
|
A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Jo…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000416
|
2024-11-21 12:40 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
