Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dingding by jenkins

    CVE-2019-10433 (GCVE-0-2019-10433)

    Vulnerability from nvd – Published: 2019-10-01 13:45 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
              },
              {
                "name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Dingding[\u9489\u9489] Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Dingding[\u9489\u9489] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:32.455Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
            },
            {
              "name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10433",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Dingding[\u9489\u9489] Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.9 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Dingding[\u9489\u9489] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-256"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
                },
                {
                  "name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10433",
        "datePublished": "2019-10-01T13:45:20.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-10433 (GCVE-0-2019-10433)

    Vulnerability from cvelistv5 – Published: 2019-10-01 13:45 – Updated: 2024-08-04 22:24
    VLAI
    Summary
    Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:24:18.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
              },
              {
                "name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jenkins Dingding[\u9489\u9489] Plugin",
              "vendor": "Jenkins project",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins Dingding[\u9489\u9489] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T16:49:32.455Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
            },
            {
              "name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "jenkinsci-cert@googlegroups.com",
              "ID": "CVE-2019-10433",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jenkins Dingding[\u9489\u9489] Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.9 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Jenkins project"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Jenkins Dingding[\u9489\u9489] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-256"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423",
                  "refsource": "CONFIRM",
                  "url": "https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1423"
                },
                {
                  "name": "[oss-security] 20191001 Multiple vulnerabilities in Jenkins plugins",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/10/01/2"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-862/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2019-10433",
        "datePublished": "2019-10-01T13:45:20.000Z",
        "dateReserved": "2019-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-04T22:24:18.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }