Vulnerabilities > Incorrect Default Permissions
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2019-18367 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | 5.3 |
| 2019-10-31 | CVE-2019-18366 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | 5.3 |
| 2019-10-28 | CVE-2012-5577 | Incorrect Default Permissions vulnerability in multiple products Python keyring lib before 0.10 created keyring files with world-readable permissions. | 7.5 |
| 2019-10-28 | CVE-2019-14925 | Incorrect Default Permissions vulnerability in multiple products An issue was discovered on Mitsubishi Electric Europe B.V. | 6.5 |
| 2019-10-23 | CVE-2019-10474 | Incorrect Default Permissions vulnerability in Jenkins Global Post Script A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | 4.3 |
| 2019-10-23 | CVE-2019-10473 | Incorrect Default Permissions vulnerability in Jenkins Libvirt Slaves A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
| 2019-10-23 | CVE-2019-10472 | Incorrect Default Permissions vulnerability in Jenkins Libvirt Slaves A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2019-10-23 | CVE-2019-10470 | Incorrect Default Permissions vulnerability in Jenkins Kubernetes CI A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 |
| 2019-10-23 | CVE-2019-10469 | Incorrect Default Permissions vulnerability in Jenkins Kubernetes CI A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2019-10-23 | CVE-2019-10465 | Incorrect Default Permissions vulnerability in Jenkins Deploy Weblogic A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | 4.3 |