Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2256 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-08-04 | 5.4 Medium |
| Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2020-2285 | 1 Jenkins | 1 Liquibase Runner | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2236 | 1 Jenkins | 1 Yet Another Build Visualizer | 2024-08-04 | 5.4 Medium |
| Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | ||||
| CVE-2020-2174 | 1 Jenkins | 1 Awseb Deployment | 2024-08-04 | 6.1 Medium |
| Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | ||||
| CVE-2020-2258 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-08-04 | 4.3 Medium |
| Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | ||||
| CVE-2020-2292 | 1 Jenkins | 1 Release | 2024-08-04 | 5.4 Medium |
| Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | ||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2024-08-04 | 4.3 Medium |
| Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | ||||
| CVE-2020-2287 | 1 Jenkins | 1 Audit Trail | 2024-08-04 | 5.3 Medium |
| Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. | ||||
| CVE-2020-2272 | 1 Jenkins | 1 Elastest | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2020-2274 | 1 Jenkins | 1 Elastest | 2024-08-04 | 5.5 Medium |
| Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2209 | 1 Jenkins | 1 Testcomplete Support | 2024-08-04 | 4.3 Medium |
| Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | ||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2024-08-04 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | ||||
| CVE-2020-2263 | 1 Jenkins | 1 Radiator View | 2024-08-04 | 5.4 Medium |
| Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2024-08-04 | 8.8 High |
| Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | ||||
| CVE-2020-2225 | 2 Jenkins, Redhat | 2 Matrix Project, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-08-04 | 7.1 High |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-08-04 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2024-08-04 | 5.4 Medium |
| Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2216 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password. | ||||
| CVE-2020-2220 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | ||||