Monthly Archive: March 2020
09/03/2020 by Fred · Published 09/03/2020
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1635 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1750 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1522 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1511 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1518 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1550 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1510 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1727 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1519 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1523 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1520 http://www.openwall.com/lists/oss-security/2020/03/09/1
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1761 http://www.openwall.com/lists/oss-security/2020/03/09/1
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1761 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1692 http://www.openwall.com/lists/oss-security/2020/03/09/1