debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with ac…
[RPD:bmc-rpd] Credential stored in plain text by BMC Release Package and Deployment Plugin
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. As of publication of this a…
[com.dubture.jenkins:digitalocean-plugin] Token stored in plain text by DigitalOcean Plugin
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-2126…
[org.jenkins-ci.plugins:azure-ad] Client secret transmitted in plain text by Azure AD Plugin
Azure AD Plugin stores a client secret in its global configuration.
While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by Azure AD Plugin 1.1.2 and earlier. This can result in exposure of…
[org.jenkins-ci.plugins:s3] Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in expos…
[org.jenkins-ci.main:jenkins-core] Jenkins REST APIs vulnerable to clickjacking
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the X-Frame-Options: deny HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web …
[org.jenkins-ci.plugins:ec2] CSRF vulnerability in Jenkins Amazon EC2 Plugin
Amazon EC2 Plugin 1.47 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL within the AWS region using attacker-specified cr…
[katello] Katello cleartext password storage issue
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.2. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credent…
[com.mtvi.plateng.hudson:ldapemail] Jenkins LDAP Email Plugin shows plain text password in configuration form
Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-10434
https://jenkins.io/security/…
[org.jenkins-ci.plugins:reverse-proxy-auth-plugin] Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in user…