CVEdetails.com the ultimate security vulnerability data source

109156 - Multiple Jenkins Plugins Multiple Security Vulnerabilities (2019-07-11)

This page lists CVE entries related to this Bugtraq ID, using CVE reference matching. For more information about this BID please visit Bugtraq entry details at http://www.securityfocus.com/bid/109156

Related CVE Entries

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-10340 | 352 | | CSRF | 2019-07-11 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| 2 | CVE-2019-10341 | 200 | | +Info | 2019-07-11 | 2019-10-09 | 4.0 | None | Remote | Low | Single system | Partial | None | None | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| 3 | CVE-2019-10342 | 200 | | +Info | 2019-07-11 | 2019-10-09 | 4.0 | None | Remote | Low | Single system | Partial | None | None | A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. |
| 4 | CVE-2019-10346 | 79 | | XSS | 2019-07-11 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A reflected cross-site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin. |
| 5 | CVE-2019-10347 | 255 | | | 2019-07-11 | 2019-10-09 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. |
| 6 | CVE-2019-10348 | 200 | | +Info | 2019-07-11 | 2019-09-17 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 7 | CVE-2019-10349 | 79 | | XSS | 2019-07-11 | 2019-10-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. |
| 8 | CVE-2019-10350 | 200 | | +Info | 2019-07-11 | 2019-09-17 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| 9 | CVE-2019-10351 | 200 | | +Info | 2019-07-11 | 2019-09-17 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |