Jenkins Assembla Auth
By the Year
In 2023 there have been 1 vulnerability in Jenkins Assembla Auth with an average score of 8.8 out of ten. Assembla Auth did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2023 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 8.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Assembla Auth vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Assembla Auth Security Vulnerabilities
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify
CVE-2023-41945
8.8 - High
- September 06, 2023
Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.
AuthZ
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they
CVE-2019-10280
8.8 - High
- April 04, 2019
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Assembla Auth or by Jenkins? Click the Watch button to subscribe.
