CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2019

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Access Complexity | Authentication | Conf. | Integ. | Avail. (a blank cell means the listing shows no value; the CVE description follows each row)

1 | CVE-2019-1010260 | CWE-284 | | Exec Code | 2019-04-02 | 2019-04-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261.

2 | CVE-2019-1003099 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

3 | CVE-2019-1003098 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

4 | CVE-2019-1003097 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

5 | CVE-2019-1003096 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

6 | CVE-2019-1003095 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

7 | CVE-2019-1003094 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

8 | CVE-2019-1003093 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

9 | CVE-2019-1003092 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

10 | CVE-2019-1003091 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

11 | CVE-2019-1003090 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

12 | CVE-2019-1003089 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

13 | CVE-2019-1003088 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

14 | CVE-2019-1003087 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

15 | CVE-2019-1003086 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

16 | CVE-2019-1003085 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

17 | CVE-2019-1003084 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

18 | CVE-2019-1003083 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

19 | CVE-2019-1003082 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

20 | CVE-2019-1003081 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

21 | CVE-2019-1003080 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server.

22 | CVE-2019-1003079 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

23 | CVE-2019-1003078 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

24 | CVE-2019-1003077 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

25 | CVE-2019-1003076 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

26 | CVE-2019-1003075 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

27 | CVE-2019-1003074 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

28 | CVE-2019-1003073 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

29 | CVE-2019-1003072 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

30 | CVE-2019-1003071 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

31 | CVE-2019-1003070 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

32 | CVE-2019-1003069 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

33 | CVE-2019-1003068 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

34 | CVE-2019-1003067 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

35 | CVE-2019-1003066 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

36 | CVE-2019-1003065 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

37 | CVE-2019-1003064 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

38 | CVE-2019-1003063 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

39 | CVE-2019-1003062 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

40 | CVE-2019-1003061 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

41 | CVE-2019-1003060 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

42 | CVE-2019-1003059 | CWE-275 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | None | Partial | None
    A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

43 | CVE-2019-1003058 | CWE-352 | | CSRF | 2019-04-04 | 2019-04-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
    A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server.

44 | CVE-2019-1003057 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

45 | CVE-2019-1003056 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

46 | CVE-2019-1003055 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

47 | CVE-2019-1003054 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

48 | CVE-2019-1003053 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

49 | CVE-2019-1003052 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

50 | CVE-2019-1003051 | CWE-255 | | | 2019-04-04 | 2019-04-15 | 4.0 | None | Remote | Low | Single system | Partial | None | None
    Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Total number of vulnerabilities: 987 (this is page 1 of 20).