Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2019-10420
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-25
CVE-2019-10421
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-09-25
CVE-2019-10422
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-09-25
CVE-2019-10423
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-25
CVE-2019-10424
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-25
CVE-2019-10425
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-09-25
CVE-2019-10426
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-09-25
CVE-2019-10401
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure).
CVSS Score
5.4
EPSS Score
0.005
Published
2019-09-25
CVE-2019-10402
In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-09-25
CVE-2019-10403
Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-09-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved