diff --git a/2019/1003xxx/CVE-2019-1003051.json b/2019/1003xxx/CVE-2019-1003051.json
new file mode 100644
index 00000000000..ecc51f4a8b1
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003051.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003051",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins IRC Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-829"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003052.json b/2019/1003xxx/CVE-2019-1003052.json
new file mode 100644
index 00000000000..de049c42274
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003052.json
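Review bot: The `version_value` in CVE-2019-1003051.json is the free-text phrase `"all versions as of 2019-04-03"`, which carries no version number, so tooling that compares installed plugin versions against the record cannot evaluate it, and a later fixed release would still match as affected. If the last affected plugin release is known, state it as a number with a comparison operator, e.g. `"version_affected": "<=", "version_value": "<LAST_AFFECTED_VERSION>"` (a placeholder; the page does not give the number). The same phrase is used in every other record this diff adds, CVE-2019-1003052 through CVE-2019-1003077.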
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003052",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins AWS Elastic Beanstalk Publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-831"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003053.json b/2019/1003xxx/CVE-2019-1003053.json
new file mode 100644
index 00000000000..92168776605
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003053.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003053",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins HockeyApp Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-839"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003054.json b/2019/1003xxx/CVE-2019-1003054.json
new file mode 100644
index 00000000000..3e810353fbb
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003054.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003054",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Jira Issue Updater Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-837"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003055.json b/2019/1003xxx/CVE-2019-1003055.json
new file mode 100644
index 00000000000..4654a48bb6c
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003055.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003055",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins FTP publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-954"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003056.json b/2019/1003xxx/CVE-2019-1003056.json
new file mode 100644
index 00000000000..a7274c5a1ba
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003056.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003056",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins WebSphere Deployer Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-956"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003057.json b/2019/1003xxx/CVE-2019-1003057.json
new file mode 100644
index 00000000000..a7d0c58ebf6
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003057.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003057",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Bitbucket Approve Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003058.json b/2019/1003xxx/CVE-2019-1003058.json
new file mode 100644
index 00000000000..c092b129dba
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003058.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003058",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins FTP publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-974"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003059.json b/2019/1003xxx/CVE-2019-1003059.json
new file mode 100644
index 00000000000..692eea660f5
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003059.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003059",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins FTP publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-974"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003060.json b/2019/1003xxx/CVE-2019-1003060.json
new file mode 100644
index 00000000000..8fbcbcc8736
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003060.json
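Review bot: The problemtype `"value": "CWE-285"` in CVE-2019-1003059.json is the broad Improper Authorization class, while the description on the same record states a missing permission check, for which CWE-862 (Missing Authorization) is the more specific entry; consider `"value": "CWE-862"`. A more specific weakness id helps consumers who group or triage records by CWE. The same classification is used in CVE-2019-1003077.json for the Audit to Database Plugin's missing permission check.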
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003060",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Official OWASP ZAP Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1041"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003061.json b/2019/1003xxx/CVE-2019-1003061.json
new file mode 100644
index 00000000000..e110b2fc914
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003061.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003061",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins jenkins-cloudformation-plugin Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003062.json b/2019/1003xxx/CVE-2019-1003062.json
new file mode 100644
index 00000000000..3c9125d4ae8
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003062.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003062",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins AWS CloudWatch Logs Publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-830"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003063.json b/2019/1003xxx/CVE-2019-1003063.json
new file mode 100644
index 00000000000..b7f4fed59f6
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003063.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003063",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Amazon SNS Build Notifier Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003064.json b/2019/1003xxx/CVE-2019-1003064.json
new file mode 100644
index 00000000000..9d5855f39d7
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003064.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003064",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins aws-device-farm Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-835"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003065.json b/2019/1003xxx/CVE-2019-1003065.json
new file mode 100644
index 00000000000..095dfd0d400
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003065.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003065",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins CloudShare Docker-Machine Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-838"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003066.json b/2019/1003xxx/CVE-2019-1003066.json
new file mode 100644
index 00000000000..bf582465cc4
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003066.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003066",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Bugzilla Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-841"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003067.json b/2019/1003xxx/CVE-2019-1003067.json
new file mode 100644
index 00000000000..852ee63cd63
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003067.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003067",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Trac Publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-842"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003068.json b/2019/1003xxx/CVE-2019-1003068.json
new file mode 100644
index 00000000000..ca1542c0ff6
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003068.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003068",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins VMware vRealize Automation Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-945"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003069.json b/2019/1003xxx/CVE-2019-1003069.json
new file mode 100644
index 00000000000..73bbe5e2b80
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003069.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003069",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Aqua Security Scanner Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-949"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003070.json b/2019/1003xxx/CVE-2019-1003070.json
new file mode 100644
index 00000000000..a4db2adbfb0
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003070.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003070",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins veracode-scanner Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-952"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003071.json b/2019/1003xxx/CVE-2019-1003071.json
new file mode 100644
index 00000000000..7e93060a435
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003071.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003071",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins OctopusDeploy Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-957"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003072.json b/2019/1003xxx/CVE-2019-1003072.json
new file mode 100644
index 00000000000..469be109bc9
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003072.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003072",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins WildFly Deployer Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-961"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003073.json b/2019/1003xxx/CVE-2019-1003073.json
new file mode 100644
index 00000000000..4a1a1076534
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003073.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003073",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins VS Team Services Continuous Deployment Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-962"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003074.json b/2019/1003xxx/CVE-2019-1003074.json
new file mode 100644
index 00000000000..ea263c93b8e
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003074.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003074",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Hyper.sh Commons Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-964"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003075.json b/2019/1003xxx/CVE-2019-1003075.json
new file mode 100644
index 00000000000..cebcc13023e
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003075.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003075",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Audit to Database Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-966"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003076.json b/2019/1003xxx/CVE-2019-1003076.json
new file mode 100644
index 00000000000..fd3248d1b06
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003076.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003076",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Audit to Database Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-977"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003077.json b/2019/1003xxx/CVE-2019-1003077.json
new file mode 100644
index 00000000000..0b88de93492
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003077.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003077",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Audit to Database Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-977"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003078.json b/2019/1003xxx/CVE-2019-1003078.json
new file mode 100644
index 00000000000..49be31069c2
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003078.json
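Review bot: `"value": "CWE-285"` under `problemtype_data` is the broad improper-authorization class, while the description names a missing permission check, which CWE-862 (Missing Authorization) describes more precisely; I would use `"value": "CWE-862"`. The same applies to the other missing-permission-check records visible in this commit: CVE-2019-1003079, -1003081, -1003083, -1003085, -1003087, -1003091, -1003093, -1003099 and CVE-2019-10279. Because the description says the request reaches an attacker-specified server, teams triaging these records may want to track them as outbound-connection issues as well as access-control findings.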
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003078",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins VMware Lab Manager Slaves Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-979"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003079.json b/2019/1003xxx/CVE-2019-1003079.json
new file mode 100644
index 00000000000..dca69306fc1
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003079.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003079",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins VMware Lab Manager Slaves Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-979"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003080.json b/2019/1003xxx/CVE-2019-1003080.json
new file mode 100644
index 00000000000..2173c3f65fb
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003080.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003080",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins OpenShift Deployer Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-981"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003081.json b/2019/1003xxx/CVE-2019-1003081.json
new file mode 100644
index 00000000000..8f8d29d0e25
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003081.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003081",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins OpenShift Deployer Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-981"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003082.json b/2019/1003xxx/CVE-2019-1003082.json
new file mode 100644
index 00000000000..5d4dfa26e27
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003082.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003082",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Gearman Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-991"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003083.json b/2019/1003xxx/CVE-2019-1003083.json
new file mode 100644
index 00000000000..eadfb4a5814
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003083.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003083",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Gearman Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins Gearman Plugin in the GearmanPluginConfig#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-991"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003084.json b/2019/1003xxx/CVE-2019-1003084.json
new file mode 100644
index 00000000000..ed7a88ea2a0
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003084.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003084",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Zephyr Enterprise Test Management Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-993"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003085.json b/2019/1003xxx/CVE-2019-1003085.json
new file mode 100644
index 00000000000..5d076a18636
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003085.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003085",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Zephyr Enterprise Test Management Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-993"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003086.json b/2019/1003xxx/CVE-2019-1003086.json
new file mode 100644
index 00000000000..e6db35a7d59
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003086.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003086",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Chef Sinatra Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1037"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003087.json b/2019/1003xxx/CVE-2019-1003087.json
new file mode 100644
index 00000000000..a105ee12f4e
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003087.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003087",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Chef Sinatra Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1037"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003088.json b/2019/1003xxx/CVE-2019-1003088.json
new file mode 100644
index 00000000000..b39a89ab614
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003088.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003088",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Fabric Beta Publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1043"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003089.json b/2019/1003xxx/CVE-2019-1003089.json
new file mode 100644
index 00000000000..82a7528d854
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003089.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003089",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Upload to pgyer Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003090.json b/2019/1003xxx/CVE-2019-1003090.json
new file mode 100644
index 00000000000..26f3977b10f
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003090.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003090",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins SOASTA CloudTest Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1054"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003091.json b/2019/1003xxx/CVE-2019-1003091.json
new file mode 100644
index 00000000000..b41d8b1b7ba
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003091.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003091",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins SOASTA CloudTest Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1054"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003092.json b/2019/1003xxx/CVE-2019-1003092.json
new file mode 100644
index 00000000000..312a89b3038
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003092.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003092",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Nomad Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1058"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003093.json b/2019/1003xxx/CVE-2019-1003093.json
new file mode 100644
index 00000000000..b18f1cc1013
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003093.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003093",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Nomad Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1058"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003094.json b/2019/1003xxx/CVE-2019-1003094.json
new file mode 100644
index 00000000000..e49d2d05914
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003094.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003094",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Open STF Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1059"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003095.json b/2019/1003xxx/CVE-2019-1003095.json
new file mode 100644
index 00000000000..098a0410e24
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003095.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003095",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Perfecto Mobile Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1061"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003096.json b/2019/1003xxx/CVE-2019-1003096.json
new file mode 100644
index 00000000000..42bba0a3706
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003096.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003096",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins TestFairy Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1062"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003097.json b/2019/1003xxx/CVE-2019-1003097.json
new file mode 100644
index 00000000000..98c91f43af1
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003097.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003097",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Crowd Integration Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1069"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003098.json b/2019/1003xxx/CVE-2019-1003098.json
new file mode 100644
index 00000000000..ce71da88658
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003098.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003098",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins openid Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1084"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1003xxx/CVE-2019-1003099.json b/2019/1003xxx/CVE-2019-1003099.json
new file mode 100644
index 00000000000..ce6e3f0ef71
--- /dev/null
+++ b/2019/1003xxx/CVE-2019-1003099.json
@@ -0,0 +1,59 @@
+{
+ "CVE_data_meta": {
+ "ID": "CVE-2019-1003099",
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins openid Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1084"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10277.json b/2019/10xxx/CVE-2019-10277.json
index ef3f9e261ee..97071f5f515 100644
--- a/2019/10xxx/CVE-2019-10277.json
+++ b/2019/10xxx/CVE-2019-10277.json
@@ -1,17 +1,58 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10277", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins StarTeam Plugin", + "version": { + "version_data": [ + { + "version_value": "all versions as of 2019-04-03" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins StarTeam Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1085" } ] } diff --git a/2019/10xxx/CVE-2019-10278.json b/2019/10xxx/CVE-2019-10278.json index a17060818f6..b95217e1fa1 100644 --- a/2019/10xxx/CVE-2019-10278.json +++ b/2019/10xxx/CVE-2019-10278.json 
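Review bot: The `CVE_data_meta` object loses `"STATE": "RESERVED"` and gets no replacement, so the published record carries no explicit state; a consumer that filters on `STATE` may, depending on how it handles a missing key, skip or misclassify the entry. Adding `"STATE": "PUBLIC"` after the `ASSIGNER` line would make the transition explicit. The hunks for CVE-2019-10278 and CVE-2019-10279 make the same change, and the newly added records visible in this commit omit `STATE` as well. This hunk covers new lines 1–58, so the end of the file is outside it.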
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10278",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins jenkins-reviewbot Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1091"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10279.json b/2019/10xxx/CVE-2019-10279.json
index 10a09958517..0ac1497f271 100644
--- a/2019/10xxx/CVE-2019-10279.json
+++ b/2019/10xxx/CVE-2019-10279.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10279",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins jenkins-reviewbot Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1091"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10280.json b/2019/10xxx/CVE-2019-10280.json
index a763a3836cc..2e3f6353cd6 100644
--- a/2019/10xxx/CVE-2019-10280.json
+++ b/2019/10xxx/CVE-2019-10280.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10280",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Assembla Auth Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10281.json b/2019/10xxx/CVE-2019-10281.json
index f96c3d3434e..a7351b24c76 100644
--- a/2019/10xxx/CVE-2019-10281.json
+++ b/2019/10xxx/CVE-2019-10281.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10281",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Relution Enterprise Appstore Publisher Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-828"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10282.json b/2019/10xxx/CVE-2019-10282.json
index 855e3f2395e..e47f3c4f92d 100644
--- a/2019/10xxx/CVE-2019-10282.json
+++ b/2019/10xxx/CVE-2019-10282.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10282",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Klaros-Testmanagement Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-843"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10283.json b/2019/10xxx/CVE-2019-10283.json
index e1f819e1fb8..086ad92b6ef 100644
--- a/2019/10xxx/CVE-2019-10283.json
+++ b/2019/10xxx/CVE-2019-10283.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10283",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins mabl Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-946"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10284.json b/2019/10xxx/CVE-2019-10284.json
index a9679021222..50a5bbd4766 100644
--- a/2019/10xxx/CVE-2019-10284.json
+++ b/2019/10xxx/CVE-2019-10284.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10284",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Diawi Upload Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Diawi Upload Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-947"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10285.json b/2019/10xxx/CVE-2019-10285.json
index f57cffc1f03..18634fa65f2 100644
--- a/2019/10xxx/CVE-2019-10285.json
+++ b/2019/10xxx/CVE-2019-10285.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10285",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Minio Storage Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-955"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10286.json b/2019/10xxx/CVE-2019-10286.json
index e00bf0cacc2..9963df1c13f 100644
--- a/2019/10xxx/CVE-2019-10286.json
+++ b/2019/10xxx/CVE-2019-10286.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10286",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins DeployHub Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins DeployHub Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-959"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10287.json b/2019/10xxx/CVE-2019-10287.json
index e2dd45247f6..90fe70b9287 100644
--- a/2019/10xxx/CVE-2019-10287.json
+++ b/2019/10xxx/CVE-2019-10287.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10287",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins youtrack-plugin Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.7.1 and older"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-963"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10288.json b/2019/10xxx/CVE-2019-10288.json
index f3721cb33a0..315ddea3f3d 100644
--- a/2019/10xxx/CVE-2019-10288.json
+++ b/2019/10xxx/CVE-2019-10288.json
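Review bot: The affected range is recorded as free text, `"version_value": "0.7.1 and older"`, which tools that match installed plugin versions against the record cannot compare numerically. The CVE JSON 4.0 format has a separate operator field for this, so the entry can be written as `"version_affected": "<=",` followed by `"version_value": "0.7.1"`. The Netsparker Cloud Scan Plugin records (CVE-2019-10289, CVE-2019-10290, CVE-2019-10291) use `"1.1.5 and older"` the same way. The `"all versions as of 2019-04-03"` value in the remaining records has no upper bound to encode, so matching tools will presumably need the advisory link to decide whether a fixed release exists.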
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10288",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Jabber Server Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Jabber Server Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1031"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10289.json b/2019/10xxx/CVE-2019-10289.json
index 6dd6c0491f2..e41d2a123e7 100644
--- a/2019/10xxx/CVE-2019-10289.json
+++ b/2019/10xxx/CVE-2019-10289.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10289",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Netsparker Cloud Scan Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.5 and older"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1032"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10290.json b/2019/10xxx/CVE-2019-10290.json
index e279465c492..ba3e9f6d82d 100644
--- a/2019/10xxx/CVE-2019-10290.json
+++ b/2019/10xxx/CVE-2019-10290.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10290",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Netsparker Cloud Scan Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.5 and older"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1032"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10291.json b/2019/10xxx/CVE-2019-10291.json
index 1367db55b4e..e3fbb4e3417 100644
--- a/2019/10xxx/CVE-2019-10291.json
+++ b/2019/10xxx/CVE-2019-10291.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10291",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Netsparker Cloud Scan Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.5 and older"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1040"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10292.json b/2019/10xxx/CVE-2019-10292.json
index dcea4964b16..672d692d218 100644
--- a/2019/10xxx/CVE-2019-10292.json
+++ b/2019/10xxx/CVE-2019-10292.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10292",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Kmap Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1055"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10293.json b/2019/10xxx/CVE-2019-10293.json
index 2bf3e5ee300..b36680b3fb1 100644
--- a/2019/10xxx/CVE-2019-10293.json
+++ b/2019/10xxx/CVE-2019-10293.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10293",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Kmap Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1055"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10294.json b/2019/10xxx/CVE-2019-10294.json
index 0a463f27e6b..cc1b252ece4 100644
--- a/2019/10xxx/CVE-2019-10294.json
+++ b/2019/10xxx/CVE-2019-10294.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10294",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Kmap Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1056"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10295.json b/2019/10xxx/CVE-2019-10295.json
index ba90834c312..0df32d42209 100644
--- a/2019/10xxx/CVE-2019-10295.json
+++ b/2019/10xxx/CVE-2019-10295.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10295",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins crittercism-dsym Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1063"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10296.json b/2019/10xxx/CVE-2019-10296.json
index 041d3b2c50b..aff9590a789 100644
--- a/2019/10xxx/CVE-2019-10296.json
+++ b/2019/10xxx/CVE-2019-10296.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10296",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Serena SRA Deploy Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1066"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10297.json b/2019/10xxx/CVE-2019-10297.json
index fc6a125537e..082bc07cb4d 100644
--- a/2019/10xxx/CVE-2019-10297.json
+++ b/2019/10xxx/CVE-2019-10297.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10297",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Sametime Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Sametime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1090"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10298.json b/2019/10xxx/CVE-2019-10298.json
index 97092db0ec0..a50cd35055e 100644
--- a/2019/10xxx/CVE-2019-10298.json
+++ b/2019/10xxx/CVE-2019-10298.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10298",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Koji Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1092"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10299.json b/2019/10xxx/CVE-2019-10299.json
index b91e97e4d0f..79da32f0763 100644
--- a/2019/10xxx/CVE-2019-10299.json
+++ b/2019/10xxx/CVE-2019-10299.json
@@ -1,17 +1,58 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10299",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins CloudCoreo DeployTime Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-03"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-960"
 }
 ]
 }