Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities found for Jenkins Project Inheritance Plugin by Jenkins project

    CVE-2022-34787 (GCVE-0-2022-34787)

    Vulnerability from nvd – Published: 2022-06-30 17:46 – Updated: 2024-08-03 09:22
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Project Inheritance Plugin Affected: unspecified , ≤ 21.04.03 (custom)
    Unknown: next of 21.04.03 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.430Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "21.04.03",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 21.04.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:23:16.052Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-34787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "21.04.03"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "21.04.03"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-34787",
        "datePublished": "2022-06-30T17:46:51.000Z",
        "dateReserved": "2022-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:22:10.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2198 (GCVE-0-2020-2198)

    Vulnerability from nvd – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Project Inheritance Plugin Affected: unspecified , ≤ 19.08.02 (custom)
    Unknown: next of 19.08.02 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:41.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
              },
              {
                "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "19.08.02",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 19.08.02",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:49.843Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
            },
            {
              "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "19.08.02"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "19.08.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
                },
                {
                  "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2198",
        "datePublished": "2020-06-03T12:40:26.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:41.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2197 (GCVE-0-2020-2197)

    Vulnerability from nvd – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Project Inheritance Plugin Affected: unspecified , ≤ 19.08.02 (custom)
    Unknown: next of 19.08.02 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:41.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
              },
              {
                "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "19.08.02",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 19.08.02",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:48.675Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
            },
            {
              "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2197",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "19.08.02"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "19.08.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
                },
                {
                  "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2197",
        "datePublished": "2020-06-03T12:40:26.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:41.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10408 (GCVE-0-2019-10408)

    Vulnerability from nvd – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:16.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
              },
              {
                "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:02.994Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
            },
            {
              "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
                },
                {
                  "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10408",
        "datePublished": "2019-09-25T15:05:32.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:16.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10407 (GCVE-0-2019-10407)

    Vulnerability from nvd – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:17.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
              },
              {
                "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:01.786Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
            },
            {
              "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10407",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-213"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
                },
                {
                  "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10407",
        "datePublished": "2019-09-25T15:05:32.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:17.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10409 (GCVE-0-2019-10409)

    Vulnerability from nvd – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:17.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
              },
              {
                "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:04.134Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
            },
            {
              "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10409",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
                },
                {
                  "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10409",
        "datePublished": "2019-09-25T15:05:32.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:17.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34787 (GCVE-0-2022-34787)

    Vulnerability from cvelistv5 – Published: 2022-06-30 17:46 – Updated: 2024-08-03 09:22
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Project Inheritance Plugin Affected: unspecified , ≤ 21.04.03 (custom)
    Unknown: next of 21.04.03 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:22:10.430Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "21.04.03",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 21.04.03",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T14:23:16.052Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2022-34787",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "21.04.03"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "21.04.03"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919",
                  "refsource": "CONFIRM",
                  "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2022-34787",
        "datePublished": "2022-06-30T17:46:51.000Z",
        "dateReserved": "2022-06-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:22:10.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2198 (GCVE-0-2020-2198)

    Vulnerability from cvelistv5 – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Project Inheritance Plugin Affected: unspecified , ≤ 19.08.02 (custom)
    Unknown: next of 19.08.02 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:41.160Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
              },
              {
                "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "19.08.02",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 19.08.02",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:49.843Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
            },
            {
              "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2198",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "19.08.02"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "19.08.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522: Insufficiently Protected Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
                },
                {
                  "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2198",
        "datePublished": "2020-06-03T12:40:26.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:41.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-2197 (GCVE-0-2020-2197)

    Vulnerability from cvelistv5 – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Jenkins project Jenkins Project Inheritance Plugin Affected: unspecified , ≤ 19.08.02 (custom)
    Unknown: next of 19.08.02 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:01:41.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
              },
              {
                "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "lessThanOrEqual": "19.08.02",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unknown",
                  "version": "next of 19.08.02",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:06:48.675Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
            },
            {
              "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2020-2197",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "19.08.02"
                              },
                              {
                                "version_affected": "?\u003e",
                                "version_value": "19.08.02"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
                },
                {
                  "name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2020-2197",
        "datePublished": "2020-06-03T12:40:26.000Z",
        "dateReserved": "2019-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-04T07:01:41.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10408 (GCVE-0-2019-10408)

    Vulnerability from cvelistv5 – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:16.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
              },
              {
                "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:02.994Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
            },
            {
              "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
                },
                {
                  "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10408",
        "datePublished": "2019-09-25T15:05:32.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:16.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10407 (GCVE-0-2019-10407)

    Vulnerability from cvelistv5 – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:17.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
              },
              {
                "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:01.786Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
            },
            {
              "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10407",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-213"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
                },
                {
                  "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10407",
        "datePublished": "2019-09-25T15:05:32.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:17.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10409 (GCVE-0-2019-10409)

    Vulnerability from cvelistv5 – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
    Severity
    No CVSS data available.
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:17.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
              },
              {
                "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Project Inheritance Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:04.134Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
            },
            {
              "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10409",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Project Inheritance Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.0.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
                },
                {
                  "name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10409",
        "datePublished": "2019-09-25T15:05:32.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:17.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }