DeployHub Plugin
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10464 | | | 0.00 | — | 0.00 | | Oct 23, 2019 | A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file… |
| CVE-2019-10465 | | | 0.00 | — | 0.00 | | Oct 23, 2019 | A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins… |
| CVE-2019-10304 | | | 0.00 | — | 0.00 | | Apr 18, 2019 | A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-10305 | | | 0.00 | — | 0.00 | | Apr 18, 2019 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-10286 | | | 0.00 | — | 0.00 | | Apr 4, 2019 | Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-1003081 | | | 0.00 | — | 0.00 | | Apr 4, 2019 | A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. |
| CVE-2019-1003072 | | | 0.00 | — | 0.00 | | Apr 4, 2019 | Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-1003080 | | | 0.00 | — | 0.00 | | Apr 4, 2019 | A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server. |
| CVE-2019-1003056 | | | 0.00 | — | 0.00 | | Apr 4, 2019 | Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
Page 2 of 2