Nomad Plugin

Source repositories

CVE	Vendor / Product	CVSS	Published	Description
CVE-2021-21681	Jenkins Project Nomad Plugin	—	Aug 31, 2021	Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2019-1003092	Jenkins Project Nomad Plugin	—	Apr 4, 2019	A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003093	Jenkins Project Nomad Plugin	—	Apr 4, 2019	A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CVE-2021-21681Aug 31, 2021
Jenkins Project
Nomad Plugin
risk 0.00cvss —epss 0.00
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVE-2019-1003092Apr 4, 2019
Jenkins Project
Nomad Plugin
risk 0.00cvss —epss 0.00
A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003093Apr 4, 2019
Jenkins Project
Nomad Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.