Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1596 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1702 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1516 http://www.openwall.com/lists/oss-security/2020/03/09/1
A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1765 http://www.openwall.com/lists/oss-security/2020/03/09/1
A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1765 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1722 http://www.openwall.com/lists/oss-security/2020/03/09/1
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. Date published...
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1700 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1784 http://www.openwall.com/lists/oss-security/2020/03/09/1
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1723...
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1754 http://www.openwall.com/lists/oss-security/2020/03/09/1
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. Date published : 2020-03-09 https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1754 http://www.openwall.com/lists/oss-security/2020/03/09/1
A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they...
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An...