← Back

Elasticbox Ci

elasticbox_ci

Vendor: Jenkins • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Jenkins
1Elasticbox Ci
Jun 17, 2026
Jul 12, 2023
N/A· v4
7.1 HIGH· v3
N/A· v2
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through...Show more
A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
1Jenkins
1Elasticbox Ci
Jun 17, 2026
Jul 12, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...Show more
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
1Jenkins
1Elasticbox Ci
Jun 17, 2026
Oct 16, 2019
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.