CVE-2020-2319
- EPSS 0.05%
- Published 04.11.2020 15:15:12
- Last modified 21.11.2024 05:25:18
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2019-10382
- EPSS 0.05%
- Published 07.08.2019 15:15:13
- Last modified 21.11.2024 04:19:00
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2019-1003078
- EPSS 0.07%
- Published 04.04.2019 16:29:01
- Last modified 21.11.2024 04:17:51
A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
CVE-2019-1003079
- EPSS 0.08%
- Published 04.04.2019 16:29:01
- Last modified 21.11.2024 04:17:52
A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.