5 results (0.456 seconds)

CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation. En Jenkins Delphix Plugin 3.0.1 a 3.1.0 (ambos inclusive), una opción global para que los administradores habiliten o deshabiliten la validación de certificados SSL/TLS para conexiones de la Torre de control de datos (DCT) no surte efecto hasta que se reinicia al cambiar de validación deshabilitada a validación habilitada. • http://www.openwall.com/lists/oss-security/2024/03/06/3 https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330 • CWE-295: Improper Certificate Validation •

CVSS: -EPSS: 0%CPEs: 1EXPL: 0

In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default. En Jenkins Delphix Plugin 3.0.1, una opción global para que los administradores habiliten o deshabiliten la validación de certificados SSL/TLS para conexiones de Data Control Tower (DCT) está deshabilitada de forma predeterminada. • http://www.openwall.com/lists/oss-security/2024/03/06/3 https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3215 •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://support.delphix.com/Support_Policies_and_Technical_Bulletins/Technical_Bulletins/TB111_Delphix_Plugin_for_Jenkins_Vulnerable_to_Credential_Enumeration_and_Capture https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2) • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://support.delphix.com/Support_Policies_and_Technical_Bulletins/Technical_Bulletins/TB111_Delphix_Plugin_for_Jenkins_Vulnerable_to_Credential_Enumeration_and_Capture https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1) • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Jenkins Delphix Plugin, almacena las credenciales no encriptadas en su archivo de configuración global en el maestro de Jenkins, donde pueden ser visualizadas por parte de los usuarios con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2019/10/16/6 https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450 • CWE-312: Cleartext Storage of Sensitive Information •