← Back

Debian Package Builder

debian_package_builder

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-23118
1Jenkins
1Debian Package Builder
Nov 21, 2024
Jan 12, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent...Show more
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.Show less
CVE-2020-2125
1Jenkins
1Debian Package Builder
Nov 21, 2024
Feb 12, 2020
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.