| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-5884 |
200 |
|
+Info |
2019-01-10 |
2019-01-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. |
|
2 |
CVE-2019-5747 |
125 |
|
+Info |
2019-01-09 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. |
|
3 |
CVE-2019-3500 |
|
|
+Info |
2019-01-02 |
2019-01-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. |
|
4 |
CVE-2019-2544 |
200 |
|
+Info |
2019-01-16 |
2019-01-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|
5 |
CVE-2019-2543 |
200 |
|
+Info |
2019-01-16 |
2019-01-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|
6 |
CVE-2019-2462 |
200 |
|
DoS +Info |
2019-01-16 |
2019-01-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. While the vulnerability is in Oracle Outside In Technology, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L). |
|
7 |
CVE-2019-2430 |
200 |
|
+Info |
2019-01-16 |
2019-01-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
8 |
CVE-2019-2404 |
200 |
|
+Info |
2019-01-16 |
2019-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|
9 |
CVE-2019-0647 |
200 |
|
+Info |
2019-01-17 |
2019-01-19 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team. |
|
10 |
CVE-2019-0588 |
200 |
|
+Info |
2019-01-08 |
2019-01-15 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server. |
|
11 |
CVE-2019-0569 |
200 |
|
+Info |
2019-01-08 |
2019-01-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554. |
|
12 |
CVE-2019-0561 |
200 |
|
+Info |
2019-01-08 |
2019-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. |
|
13 |
CVE-2019-0560 |
200 |
|
+Info |
2019-01-08 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. |
|
14 |
CVE-2019-0559 |
200 |
|
+Info |
2019-01-08 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. |
|
15 |
CVE-2019-0554 |
200 |
|
+Info |
2019-01-08 |
2019-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569. |
|
16 |
CVE-2019-0553 |
200 |
|
+Info |
2019-01-08 |
2019-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. |
|
17 |
CVE-2019-0549 |
200 |
|
+Info |
2019-01-08 |
2019-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569. |
|
18 |
CVE-2019-0545 |
200 |
|
Bypass +Info |
2019-01-08 |
2019-01-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. |
|
19 |
CVE-2019-0537 |
200 |
|
+Info |
2019-01-08 |
2019-01-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. |
|
20 |
CVE-2019-0536 |
200 |
|
+Info |
2019-01-08 |
2019-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569. |
|
21 |
CVE-2019-0249 |
200 |
|
+Info |
2019-01-08 |
2019-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. |
|
22 |
CVE-2018-1999046 |
200 |
|
+Info |
2018-08-23 |
2018-10-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent. |
|
23 |
CVE-2018-1999041 |
200 |
|
+Info |
2018-08-01 |
2018-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. |
|
24 |
CVE-2018-1999033 |
200 |
|
+Info |
2018-08-01 |
2018-10-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration. |
|
25 |
CVE-2018-1999031 |
200 |
|
+Info |
2018-08-01 |
2018-10-01 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. |
|
26 |
CVE-2018-1999009 |
200 |
|
Exec Code +Info File Inclusion |
2018-07-23 |
2018-09-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. This attack appear to be exploitable remotely if the /backend path is accessible. This vulnerability appears to have been fixed in Build 437. |
|
27 |
CVE-2018-1999006 |
200 |
|
+Info |
2018-07-23 |
2018-09-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Plugin.java that allows attackers to determine the date and time when a plugin HPI/JPI file was last extracted, which typically is the date of the most recent installation/upgrade. |
|
28 |
CVE-2018-1000889 |
|
|
+Info |
2018-12-28 |
2018-12-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4. |
|
29 |
CVE-2018-1000803 |
200 |
|
+Info |
2018-10-08 |
2019-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1. |
|
30 |
CVE-2018-1000645 |
200 |
|
+Info |
2018-08-20 |
2018-10-16 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function. |
|
31 |
CVE-2018-1000635 |
200 |
|
+Info |
2018-08-20 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7. |
|
32 |
CVE-2018-1000633 |
200 |
|
+Info |
2018-08-20 |
2018-10-12 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7. |
|
33 |
CVE-2018-1000627 |
255 |
|
+Info |
2018-12-28 |
2019-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. |
|
34 |
CVE-2018-1000610 |
255 |
|
+Info |
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. |
|
35 |
CVE-2018-1000609 |
200 |
|
+Info |
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. |
|
36 |
CVE-2018-1000603 |
255 |
|
+Info |
2018-06-26 |
2018-08-23 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. |
|
37 |
CVE-2018-1000601 |
200 |
|
+Info |
2018-06-26 |
2018-08-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system. |
|
38 |
CVE-2018-1000600 |
255 |
|
+Info |
2018-06-26 |
2018-08-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
39 |
CVE-2018-1000549 |
200 |
|
+Info |
2018-06-26 |
2018-08-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to obtain valid usernames and email addresses.. This attack appear to be exploitable via HTTP Request. |
|
40 |
CVE-2018-1000535 |
200 |
|
+Info |
2018-06-26 |
2018-08-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be exploitable via GET parameter. This vulnerability appears to have been fixed in after commit 254765e. |
|
41 |
CVE-2018-1000410 |
|
|
+Info |
2019-01-09 |
2019-01-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed. |
|
42 |
CVE-2018-1000402 |
200 |
|
+Info |
2018-07-09 |
2018-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of environment variables. This vulnerability appears to have been fixed in 1.20 and later. |
|
43 |
CVE-2018-1000196 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token. |
|
44 |
CVE-2018-1000192 |
200 |
|
+Info |
2018-06-05 |
2018-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. |
|
45 |
CVE-2018-1000191 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
46 |
CVE-2018-1000190 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
47 |
CVE-2018-1000187 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs. |
|
48 |
CVE-2018-1000186 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
49 |
CVE-2018-1000183 |
200 |
|
+Info |
2018-06-05 |
2018-07-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
|
50 |
CVE-2018-1000181 |
200 |
|
+Info |
2018-06-05 |
2018-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. |
