All the vulnerabilites related to Jenkins project - Jenkins WildFly Deployer Plugin
cve-2022-41235
Vulnerability from cvelistv5
Published
2022-09-21 15:45
Modified
2024-08-03 12:35
Severity ?
EPSS score ?
Summary
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Jenkins project | Jenkins WildFly Deployer Plugin |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins WildFly Deployer Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:25:01.945Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-41235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins WildFly Deployer Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0.2"
},
{
"version_affected": "?\u003e",
"version_value": "1.0.2"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-41235",
"datePublished": "2022-09-21T15:45:55",
"dateReserved": "2022-09-21T00:00:00",
"dateUpdated": "2024-08-03T12:35:49.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1003072
Vulnerability from cvelistv5
Published
2019-04-04 15:38
Modified
2024-08-05 03:07
Severity ?
EPSS score ?
Summary
Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107790 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2019/04/12/2 | mailing-list, x_refsource_MLIST | |
| https://jenkins.io/security/advisory/2019-04-03/#SECURITY-961 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Jenkins project | Jenkins WildFly Deployer Plugin |
Version: all versions as of 2019-04-03 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:17.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107790",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins WildFly Deployer Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "all versions as of 2019-04-03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:45:55.090Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "107790",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-1003072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins WildFly Deployer Plugin",
"version": {
"version_data": [
{
"version_value": "all versions as of 2019-04-03"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107790"
},
{
"name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
},
{
"name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-961",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-1003072",
"datePublished": "2019-04-04T15:38:48",
"dateReserved": "2019-04-03T00:00:00",
"dateUpdated": "2024-08-05T03:07:17.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}