Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-07 | CVE-2019-10388 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Relution Enterprise Appstore Publisher 1.0/1.24 A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | 4.3 |
| 2019-08-07 | CVE-2019-10387 | Missing Authorization vulnerability in Jenkins XL Testview A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
| 2019-08-07 | CVE-2019-10386 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins XL Testview A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-08-07 | CVE-2019-10385 | Insufficiently Protected Credentials vulnerability in Jenkins Eggplant Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 6.5 |
| 2019-08-07 | CVE-2019-10382 | Improper Certificate Validation vulnerability in Jenkins VMWare LAB Manager Slaves Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 6.5 |
| 2019-08-07 | CVE-2019-10381 | Improper Certificate Validation vulnerability in Jenkins Codefresh Integration Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | 7.5 |
| 2019-08-07 | CVE-2019-10380 | Unspecified vulnerability in Jenkins Simple Travis Pipeline Runner 1.0 Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code. | 8.8 |
| 2019-08-07 | CVE-2019-10378 | Insufficiently Protected Credentials vulnerability in Jenkins Testlink Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 5.3 |
| 2019-08-07 | CVE-2019-10377 | Missing Authorization vulnerability in Jenkins Avatar 1.0/1.1/1.2 A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins. | 4.3 |
| 2019-08-07 | CVE-2019-10376 | Cross-site Scripting vulnerability in Jenkins Wall Display A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin. | 6.1 |