Maven package

org.jenkins-ci.plugins/ansible

pkg:maven/org.jenkins-ci.plugins/ansible

Vulnerabilities (4)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-32983	—	< 205.v4cb	205.v4cb	May 16, 2023	Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-32982	—	< 205.v4cb	205.v4cb	May 16, 2023	Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2020-2310	—	< 1.1	1.1	Nov 4, 2020	Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2018-1000149	—	< 1.0	1.0	Apr 5, 2018	A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlayb

CVE-2023-32983May 16, 2023
affected < 205.v4cbfixed 205.v4cb
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-32982May 16, 2023
affected < 205.v4cbfixed 205.v4cb
Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2020-2310Nov 4, 2020
affected < 1.1fixed 1.1
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2018-1000149Apr 5, 2018
affected < 1.0fixed 1.0
A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlayb