Jun 30, 2022 · This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. GitLab Plugin 1.5.35 ...
Missing: web | Show results with:web
Dec 6, 2023 · The plugin uses the AWS Java SDK to communicate with Secrets Manager. ... security benefit in this provider. Example ... If you need to change the ...
Missing: /search | Show results with:/search
Oct 11, 2022 · ... web/devops/jenkins/computer/VMLondonTosca ... secret @secret-file -workDir “C:\jenkins” -noCertificateCheck ... at java.base/java.security.
Missing: /search | Show results with:/search
Cross-Site Scripting (XSS) is a web application ... In those cases, the security is controlled by the markup formatter. ... java="${variableFromJava}"></div> < ...
As a result, generic static analysis tools are often unable to find common vulnerabilities in Jenkins core and plugins. The Jenkins security team created a ...
Aug 7, 2017 · The Config File Provider Plugin is used to centrally manage configuration files that may include secrets, such as passwords. Users with only ...
Nov 11, 2015 · Search K. Jenkins Security Advisory 2015-11 ... Secret key not verified when connecting an agent ... web.xml . API tokens of other users ...
Missing: java | Show results with:java
The "Enable Security" checkbox should always be enabled for any non-local (test) Jenkins environment. The "Security" section of the web UI allows a Jenkins ...
Missing: java secrets
Nov 4, 2020 · The LDAP-based mode in Active Directory Plugin 2.19 and earlier shares code between user lookup and user authentication and distinguishes ...
Jun 30, 2021 · This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after ...