Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for Jenkins Project Inheritance Plugin by Jenkins project
CVE-2022-34787 (GCVE-0-2022-34787)
Vulnerability from nvd – Published: 2022-06-30 17:46 – Updated: 2024-08-03 09:22
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-06-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
unspecified , ≤ 21.04.03
(custom)
Unknown: next of 21.04.03 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "21.04.03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 21.04.03",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:23:16.052Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-34787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "21.04.03"
},
{
"version_affected": "?\u003e",
"version_value": "21.04.03"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-34787",
"datePublished": "2022-06-30T17:46:51.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2198 (GCVE-0-2020-2198)
Vulnerability from nvd – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2020-06-03/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/06/03/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
unspecified , ≤ 19.08.02
(custom)
Unknown: next of 19.08.02 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "19.08.02",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 19.08.02",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:06:49.843Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "19.08.02"
},
{
"version_affected": "?\u003e",
"version_value": "19.08.02"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2198",
"datePublished": "2020-06-03T12:40:26.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2197 (GCVE-0-2020-2197)
Vulnerability from nvd – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2020-06-03/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/06/03/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
unspecified , ≤ 19.08.02
(custom)
Unknown: next of 19.08.02 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "19.08.02",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 19.08.02",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:06:48.675Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "19.08.02"
},
{
"version_affected": "?\u003e",
"version_value": "19.08.02"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2197",
"datePublished": "2020-06-03T12:40:26.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10408 (GCVE-0-2019-10408)
Vulnerability from nvd – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
VLAI
EPSS
VEX
Summary
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
2.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:16.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:02.994Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10408",
"datePublished": "2019-09-25T15:05:32.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:24:16.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10407 (GCVE-0-2019-10407)
Vulnerability from nvd – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
2.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:17.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:01.786Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10407",
"datePublished": "2019-09-25T15:05:32.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:24:17.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10409 (GCVE-0-2019-10409)
Vulnerability from nvd – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
VLAI
EPSS
VEX
Summary
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
2.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:17.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:04.134Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10409",
"datePublished": "2019-09-25T15:05:32.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:24:17.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34787 (GCVE-0-2022-34787)
Vulnerability from cvelistv5 – Published: 2022-06-30 17:46 – Updated: 2024-08-03 09:22
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2022-06-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
unspecified , ≤ 21.04.03
(custom)
Unknown: next of 21.04.03 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "21.04.03",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 21.04.03",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T14:23:16.052Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2022-34787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "21.04.03"
},
{
"version_affected": "?\u003e",
"version_value": "21.04.03"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-1919"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2022-34787",
"datePublished": "2022-06-30T17:46:51.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2198 (GCVE-0-2020-2198)
Vulnerability from cvelistv5 – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2020-06-03/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/06/03/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
unspecified , ≤ 19.08.02
(custom)
Unknown: next of 19.08.02 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "19.08.02",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 19.08.02",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:06:49.843Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "19.08.02"
},
{
"version_affected": "?\u003e",
"version_value": "19.08.02"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the \u0027getConfigAsXML\u0027 API URL when transmitting job config.xml data to users without Job/Configure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2198",
"datePublished": "2020-06-03T12:40:26.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2197 (GCVE-0-2020-2197)
Vulnerability from cvelistv5 – Published: 2020-06-03 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2020-06-03/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/06/03/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
unspecified , ≤ 19.08.02
(custom)
Unknown: next of 19.08.02 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "19.08.02",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 19.08.02",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:06:48.675Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "19.08.02"
},
{
"version_affected": "?\u003e",
"version_value": "19.08.02"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582"
},
{
"name": "[oss-security] 20200603 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2197",
"datePublished": "2020-06-03T12:40:26.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10408 (GCVE-0-2019-10408)
Vulnerability from cvelistv5 – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
VLAI
EPSS
VEX
Summary
A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
2.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:16.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:02.994Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10408",
"datePublished": "2019-09-25T15:05:32.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:24:16.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10407 (GCVE-0-2019-10407)
Vulnerability from cvelistv5 – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
VLAI
EPSS
VEX
Summary
Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
2.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:17.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:01.786Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-213"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-351"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10407",
"datePublished": "2019-09-25T15:05:32.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:24:17.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10409 (GCVE-0-2019-10409)
Vulnerability from cvelistv5 – Published: 2019-09-25 15:05 – Updated: 2024-08-04 22:24
VLAI
EPSS
VEX
Summary
A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jenkins.io/security/advisory/2019-09-25/#… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2019/09/25/3 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Project Inheritance Plugin |
Affected:
2.0.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:24:17.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Project Inheritance Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "2.0.0 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:49:04.134Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2019-10409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Project Inheritance Plugin",
"version": {
"version_data": [
{
"version_value": "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401"
},
{
"name": "[oss-security] 20190925 Multiple vulnerabilities in Jenkins and Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/09/25/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2019-10409",
"datePublished": "2019-09-25T15:05:32.000Z",
"dateReserved": "2019-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:24:17.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}