Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2019-10382
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-07
CVE-2019-10385
Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-08-07
CVE-2019-10386
A cross-site request forgery vulnerability in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-07
CVE-2019-10387
A missing permission check in Jenkins XL TestView Plugin 1.2.0 and earlier in XLTestView.XLTestDescriptor#doTestConnection allows users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.0
Published
2019-08-07
CVE-2019-10388
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
CVSS Score
4.3
EPSS Score
0.005
Published
2019-08-07
CVE-2019-10389
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-08-07
CVE-2019-10367
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-08-07
CVE-2019-10368
A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-07
CVE-2019-10369
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-07
CVE-2019-10370
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved