Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1900 http://www.openwall.com/lists/oss-security/2020/11/04/6
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system....
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2110 http://www.openwall.com/lists/oss-security/2020/11/04/6
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2129 http://www.openwall.com/lists/oss-security/2020/11/04/6
A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2101 http://www.openwall.com/lists/oss-security/2020/11/04/6
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1943 http://www.openwall.com/lists/oss-security/2020/11/04/6
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2103 http://www.openwall.com/lists/oss-security/2020/11/04/6
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2102 http://www.openwall.com/lists/oss-security/2020/11/04/6
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1646 http://www.openwall.com/lists/oss-security/2020/11/04/6
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2104 http://www.openwall.com/lists/oss-security/2020/11/04/6
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2115 http://www.openwall.com/lists/oss-security/2020/11/04/6
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2145 http://www.openwall.com/lists/oss-security/2020/11/04/6
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials. Date published...
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. Date published : 2020-11-04 https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1999 http://www.openwall.com/lists/oss-security/2020/11/04/6