Total
9772 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1000191 | 1 Jenkins | 1 Synopsys Detect | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2018-1000190 | 1 Jenkins | 1 Black Duck Hub | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2018-1000187 | 1 Jenkins | 1 Kubernetes | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. | ||||
| CVE-2018-1000186 | 1 Jenkins | 1 Github Pull Request Builder | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2018-1000183 | 1 Jenkins | 1 Github | 2024-11-21 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2018-1000181 | 1 Ibm | 1 Kitura | 2024-11-21 | N/A |
| Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. | ||||
| CVE-2018-1000176 | 1 Jenkins | 1 Email Extension | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password. | ||||
| CVE-2018-1000169 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. | ||||
| CVE-2018-1000150 | 1 Jenkins | 1 Reverse Proxy Auth | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users. | ||||
| CVE-2018-1000148 | 1 Jenkins | 1 Copy To Slave | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system. | ||||
| CVE-2018-1000147 | 1 Perforce | 1 Perforce | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them | ||||
| CVE-2018-1000145 | 1 Jenkins | 1 Perforce | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them. | ||||
| CVE-2018-1000143 | 1 Jenkins | 1 Github Pull Request Builder | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | ||||
| CVE-2018-1000142 | 1 Jenkins | 1 Github Pull Request Builder | 2024-11-21 | N/A |
| An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials. | ||||
| CVE-2018-1000135 | 3 Canonical, Gnome, Redhat | 3 Ubuntu Linux, Networkmanager, Enterprise Linux | 2024-11-21 | N/A |
| GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. | ||||
| CVE-2018-1000126 | 1 Ajenti | 1 Ajenti | 2024-11-21 | N/A |
| Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application. | ||||
| CVE-2018-1000112 | 1 Jenkins | 1 Mercurial | 2024-11-21 | N/A |
| An improper authorization vulnerability exists in Jenkins Mercurial Plugin version 2.2 and earlier in MercurialStatus.java that allows an attacker with network access to obtain a list of nodes and users. | ||||
| CVE-2018-1000111 | 1 Jenkins | 1 Subversion | 2024-11-21 | N/A |
| An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users. | ||||
| CVE-2018-1000110 | 1 Jenkins | 1 Git | 2024-11-21 | N/A |
| An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. | ||||
| CVE-2018-1000068 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 5.3 Medium |
| An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. | ||||