Vulnerabilities > Jenkins > VMware Lab Manager Slaves

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-11-04 | CVE-2020-2319 | Insufficiently Protected Credentials vulnerability in Jenkins VMware Lab Manager Slaves | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | network | low complexity | jenkins | CWE-522 | 6.5 |
| 2019-08-07 | CVE-2019-10382 | Improper Certificate Validation vulnerability in Jenkins VMware Lab Manager Slaves | Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | network | high complexity | jenkins | CWE-295 | 6.5 |
| 2019-04-04 | CVE-2019-1003079 | Missing Authorization vulnerability in Jenkins VMware Lab Manager Slaves | A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-862 | 6.5 |
| 2019-04-04 | CVE-2019-1003078 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins VMware Lab Manager Slaves | A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | network | low complexity | jenkins | CWE-352 | 6.5 |