Vulnerabilities for Support core (...) - CXSECURITY.COM

Vulnerabilities for 'Support core'

2022-02-15

CVE-2022-25187

CWE-522

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

2021-02-24

CVE-2021-21621

CWE-200

Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.

2019-11-21

CVE-2019-16540

CWE-22

A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.

CVE-2019-16539

CWE-281

A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.

>>> Vendor: Jenkins 480 Products

Image gallery plugin

Extra columns plugin

Script security

Github branch source

Config file provider

Owasp dependency-check

Pipeline-input-step

Deploy to container

Static analysis utilities

Periodic backup

Role-based authorization strategy

Parameterized trigger

Favorite plugin

Translation assistance

Pipeline nodes and processes

Delivery pipeline

Build-publisher

Dependency graph viewer

Global-build-stats

Credentials binding

Pipeline supporting apis

Google-play-android-publisher

Promoted builds

Job and node ownership

Cucumber living documentation

Github pull request builder

Reverse proxy auth

Liquibase runner

Email extension

Black duck detect

Groovy postbuild

Ssh credentials

Openstack cloud

Fortify cloudscan

Configuration as code

Aws codepipeline

Active directory

Distributed fork

Pipeline classpath step

Meliora testlab

Tinfoil security

Tracetronic ecu-test

Inedo buildmaster

Maven artifact choicelistprovider (nexus)

See all Products for Vendor Jenkins

Copyright 2024, cxsecurity.com