← Back

Octopusdeploy

octopusdeploy

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-1003071
1Jenkins
1Octopusdeploy
Nov 21, 2024
Apr 4, 2019
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-1003027
1Jenkins
1Octopusdeploy
Nov 21, 2024
Feb 20, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-s...Show more
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise.Show less