Vulnerabilities > Jenkins > Low

DATE CVE VULNERABILITY TITLE RISK
2020-09-01 CVE-2020-2249 Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-311
3.3
2019-10-16 CVE-2019-10450 Cleartext Storage of Sensitive Information vulnerability in Jenkins ElasticBox CI
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
local
low complexity
jenkins CWE-312
3.3
2019-10-01 CVE-2019-10433 Cleartext Storage of Sensitive Information vulnerability in Jenkins Dingding
Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
local
low complexity
jenkins CWE-312
3.3
2019-09-12 CVE-2019-10397 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Aqua Security Serverless Scanner
Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier transmitted configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure.
network
high complexity
jenkins CWE-319
3.1
2019-07-31 CVE-2019-10343 Information Exposure Through Log Files vulnerability in Jenkins Configuration as Code
Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.
local
low complexity
jenkins CWE-532
3.3
2018-07-27 CVE-2017-2651 Information Exposure vulnerability in Jenkins Mailer
jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs.
network
high complexity
jenkins CWE-200
3.7
2018-05-15 CVE-2017-2603 Information Exposure vulnerability in Jenkins
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API.
network
low complexity
jenkins CWE-200
3.5
2018-04-05 CVE-2018-1000150 Information Exposure vulnerability in Jenkins Reverse Proxy Auth
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.
local
low complexity
jenkins CWE-200
3.3
2018-01-26 CVE-2017-1000401 Improper Input Validation vulnerability in Jenkins
The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g.
local
high complexity
jenkins CWE-20
2.2
2017-11-01 CVE-2017-1000242 Information Exposure vulnerability in Jenkins Git Client
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure.
local
low complexity
jenkins CWE-200
3.3