Skip to main content

Configuration As Code

8 CVEs product

Monthly

CVE-2019-10367 Maven MEDIUM PATCH This Month

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-10363 Maven MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2019-10362 Maven MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-10345 Maven MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-10344 Maven MEDIUM PATCH This Month

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Configuration As Code
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10343 Maven LOW PATCH Monitor

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2018-1000610 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1000609 Maven MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.0
6.5
EPSS
1.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Configuration As Code
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Configuration As Code
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy