All the vulnerabilites related to Jenkins project - Jenkins Aqua Security Scanner Plugin
cve-2019-1003069
Vulnerability from cvelistv5
Published
2019-04-04 15:38
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107790 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2019/04/12/2 | mailing-list, x_refsource_MLIST | |
| https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Jenkins project | Jenkins Aqua Security Scanner Plugin |
Version: all versions as of 2019-04-03 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:17.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Aqua Security Scanner Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "all versions as of 2019-04-03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:45:51.569Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "107790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-1003069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Aqua Security Scanner Plugin",
"version": {
"version_data": [
{
"version_value": "all versions as of 2019-04-03"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-1003069",
"datePublished": "2019-04-04T15:38:48",
"dateReserved": "2019-04-03T00:00:00",
"dateUpdated": "2024-08-05T03:07:17.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10428
Vulnerability from cvelistv5
Published
2019-09-25 15:05
Modified
2024-08-04 22:24
Severity ?
EPSS score ?
Summary
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Jenkins project | Jenkins Aqua Security Scanner Plugin |
Version: 3.0.17 and earlier |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:17.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Aqua Security Scanner Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "3.0.17 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:26.580Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Aqua Security Scanner Plugin",
"version": {
"version_data": [
{
"version_value": "3.0.17 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1508"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10428",
"datePublished": "2019-09-25T15:05:34",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:24:17.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}