Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 43765 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2019-1003068 Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003067 Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003066 Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003065 Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003064 Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003063 Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003062 Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003061 Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003060 Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003059 A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003058 A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003057 Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003056 Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003055 Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003054 Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003053 Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003052 Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003051 Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003050 The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. LOW Apr 12, 2019 -- (VxWorks 7)
CVE-2019-1003049 Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. MEDIUM Apr 15, 2019 -- (VxWorks 7)
CVE-2019-1003048 A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. LOW Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003048 A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration. LOW Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003047 A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. MEDIUM Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003047 A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. MEDIUM Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003046 A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. MEDIUM Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003046 A cross-site request forgery vulnerability in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers to initiate a connection to an attacker-specified server. MEDIUM Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003045 A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin\'s configuration. MEDIUM Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003045 A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin\'s configuration. MEDIUM Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003044 A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. LOW Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003044 A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. LOW Apr 2, 2019 -- (VxWorks 7)
CVE-2019-1003043 A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. LOW Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003043 A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. LOW Apr 2, 2019 -- (VxWorks 7)
CVE-2019-1003042 A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. LOW Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003042 A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. LOW Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003041 A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. HIGH Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003041 A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. HIGH Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003040 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. HIGH Mar 28, 2019 -- (VxWorks 7)
CVE-2019-1003040 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. HIGH Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1003039 An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003038 An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator\'s web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. LOW Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003037 An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003036 A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003035 An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the \'verify configuration\' form validation action, thereby obtaining limited information about the Azure configuration. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003034 A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003033 A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003032 A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003031 A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003030 A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003029 A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2019-1003028 A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. MEDIUM Mar 26, 2019 -- (VxWorks 7)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online