Vulnerabilities > Jenkins > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-30 | CVE-2019-10318 | Insufficiently Protected Credentials vulnerability in Jenkins Azure AD Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | 8.8 |
| 2019-04-30 | CVE-2019-10316 | Insufficiently Protected Credentials vulnerability in Jenkins Aqua Microscanner Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 |
| 2019-04-30 | CVE-2019-10315 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Authentication Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF. | 8.8 |
| 2019-04-30 | CVE-2019-10313 | Insufficiently Protected Credentials vulnerability in Jenkins Twitter Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 8.8 |
| 2019-04-30 | CVE-2019-10311 | Missing Authorization vulnerability in Jenkins Ansible Tower A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-04-30 | CVE-2019-10310 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Ansible Tower A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins | 8.8 |
| 2019-04-18 | CVE-2019-10303 | Insufficiently Protected Credentials vulnerability in Jenkins Azure Publishersettings Credentials 1.0/1.1/1.2 Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 |
| 2019-04-18 | CVE-2019-10302 | Insufficiently Protected Credentials vulnerability in Jenkins Jira-Ext Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system. | 8.8 |
| 2019-04-18 | CVE-2019-10301 | Missing Authorization vulnerability in Jenkins Gitlab A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-04-18 | CVE-2019-10300 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gitlab A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.0 |