VYPR

DeployHub Plugin

by Jenkins Project

CVEs (29)

  • CVE-2019-10304MedApr 18, 2019
    risk 0.35cvss 6.5epss 0.01

    A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server.

  • CVE-2022-41235MedSep 21, 2022
    risk 0.34cvss 5.3epss 0.01

    Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

  • CVE-2020-2155MedMar 9, 2020
    risk 0.34cvss 5.3epss 0.01

    Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

  • CVE-2020-2156MedMar 9, 2020
    risk 0.28cvss 4.3epss 0.01

    Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

  • CVE-2019-16571MedDec 17, 2019
    risk 0.28cvss 4.3epss 0.01

    A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.

  • CVE-2019-10465MedOct 23, 2019
    risk 0.28cvss 4.3epss 0.01

    A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins…

  • CVE-2021-21662MedJun 10, 2021
    risk 0.21cvss 4.3epss 0.01

    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

  • CVE-2021-21665HigJun 10, 2021
    risk 0.00cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials…

  • CVE-2021-21663MedJun 10, 2021
    risk 0.00cvss 4.3epss 0.01

    A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password…

Page 2 of 2