CVE-2024-28161
- EPSS 0.01%
- Veröffentlicht 06.03.2024 17:15:11
- Zuletzt bearbeitet 07.05.2025 14:24:50
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
CVE-2024-28162
- EPSS 0.05%
- Veröffentlicht 06.03.2024 17:15:11
- Zuletzt bearbeitet 07.05.2025 14:27:52
In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switch...
CVE-2023-40344
- EPSS 0.05%
- Veröffentlicht 16.08.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 08:19:15
A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2023-40345
- EPSS 0.05%
- Veröffentlicht 16.08.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 08:19:15
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to.
CVE-2019-10453
- EPSS 0.01%
- Veröffentlicht 16.10.2019 14:15:13
- Zuletzt bearbeitet 21.11.2024 04:19:10
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.