Vulnerabilities > Jenkins > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-16 | CVE-2019-10448 | Insufficiently Protected Credentials vulnerability in Jenkins Extensive Testing 1.4.3/1.4.4: Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10446 | Improper Certificate Validation vulnerability in Jenkins Cadence Vmanager: Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | 8.2 |
2019-10-16 | CVE-2019-10443 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Icescrum: Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10440 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Neoload: Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | 8.8 |
2019-10-16 | CVE-2019-10437 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins CRX Content Package Deployer: A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
2019-10-01 | CVE-2019-10435 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Sourcegear Vault 1.0/1.1/1.1.1: Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | 7.5 |
2019-10-01 | CVE-2019-10434 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Ldap Email: Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2019-09-25 | CVE-2019-10428 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Security Scanner: Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2019-09-25 | CVE-2019-10412 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Inedo Proget: Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |
2019-09-25 | CVE-2019-10411 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Inedo Buildmaster: Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | 7.5 |