Docker Plugin up to 1.1.6 on Jenkins Permission Check fillCredentialsIdItems information disclosure

A vulnerability classified as problematic has been found in Docker Plugin up to 1.1.6 on Jenkins (Virtualization Software). The issue affects the function fillCredentialsIdItems of the component Permission Check. No countermeasures are known. One option is to replace the affected object with an alternative product.

Gogs Plugin on Jenkins config.xml weak encryption

A vulnerability classified as problematic was found in Gogs Plugin on Jenkins (Jenkins Plugin); the affected version is not known. The issue affects an unknown part of the file config.xml. No countermeasures are known. One option is to replace the affected object with an alternative product.

Dependency Graph Viewer Plugin up to 0.12 on Jenkins API Endpoint privilege escalation

A vulnerability classified as critical has been found in Dependency Graph Viewer Plugin up to 0.12 on Jenkins (Jenkins Plugin). The issue affects unknown functionality of the component API Endpoint. No countermeasures are known. One option is to replace the affected object with an alternative product.

Dependency Graph Viewer Plugin up to 0.13 on Jenkins Job Configuration Stored cross site scripting

A vulnerability classified as problematic was found in Dependency Graph Viewer Plugin up to 0.13 on Jenkins (Jenkins Plugin). It affects unknown code in the component Job Configuration Handler. No countermeasures are known. One option is to replace the affected object with an alternative product.

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Workhorse Log information disclosure

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). It affects unknown functionality of the component Workhorse Log Handler. Upgrading to version 11.3.11, 11.4.8 or 11.5.1 eliminates this vulnerability. A possible mitigation was published before, not after, the disclosure of the vulnerability.

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 OAuth Authorization Page cross site scripting

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). It affects an unknown function of the component OAuth Authorization Page. Upgrading to version 11.3.11, 11.4.8 or 11.5.1 eliminates this vulnerability. A possible mitigation was published before, not after, the disclosure of the vulnerability.

GitLab Community Edition/Enterprise Edition up to 11.3.10/11.4.7/11.5.0 Markdown cross site scripting

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). It affects unknown processing in the component Markdown Handler. Upgrading to version 11.3.11, 11.4.8 or 11.5.1 eliminates this vulnerability. A possible mitigation was published before, not after, the disclosure of the vulnerability.