Vulnerabilities > Jenkins > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-01 | CVE-2020-2249 | Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server. Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 3.3 |
2019-10-16 | CVE-2019-10450 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Elasticbox CI. Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | 3.3 |
2019-10-01 | CVE-2019-10433 | Cleartext Storage of Sensitive Information vulnerability in Jenkins Dingding. Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 3.3 |
2019-09-12 | CVE-2019-10397 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Security Serverless Scanner. Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. | 3.1 |
2019-07-31 | CVE-2019-10343 | Information Exposure Through Log Files vulnerability in Jenkins Configuration AS Code. Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. | 3.3 |
2018-07-27 | CVE-2017-2651 | Information Exposure vulnerability in Jenkins Mailer. jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. | 3.7 |
2018-05-15 | CVE-2017-2603 | Information Exposure vulnerability in Jenkins. Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. | 3.5 |
2018-04-05 | CVE-2018-1000150 | Information Exposure vulnerability in Jenkins Reverse Proxy Auth. An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in `ReverseProxySecurityRealm#authContext` that allows attackers with local file system access to obtain a list of authorities for logged in users. | 3.3 |
2018-01-26 | CVE-2017-1000401 | Improper Input Validation vulnerability in Jenkins. The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, `<f:password/>`, supports form validation (e.g. | 2.2 |
2017-11-01 | CVE-2017-1000242 | Information Exposure vulnerability in Jenkins GIT Client. Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulting in information disclosure. | 3.3 |