Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CloudBees Jenkins Openstack Cloud Plugin 信息泄露漏洞
Vulnerability Description
CloudBees Jenkins(前称Hudson Labs)是美国CloudBees公司的一套基于Java开发的持续集成工具,该工具主要用于监控秩序重复的工作。Openstack Cloud Plugin是使用在其中的一个用于创建Openstack云实例的插件。 CloudBees Jenkins Openstack Cloud Plugin 2.35及之前版本中的多个文件存在信息泄露漏洞,该漏洞源于程序没有执行权限检测。攻击者可利用该漏洞捕获储存在Jenkins中的凭证。以下文件收到影响:BootS
CVSS Information
N/A
Vulnerability Type
N/A