Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2213 | 1 Jenkins | 1 White Source | 2024-08-04 | 4.3 Medium |
| Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system. | ||||
| CVE-2020-2190 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-08-04 | 5.5 Medium |
| Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | ||||
| CVE-2020-2212 | 1 Jenkins | 1 Github Coverage Reporter | 2024-08-04 | 4.3 Medium |
| Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration. | ||||
| CVE-2020-2255 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2020-2269 | 1 Jenkins | 1 Chosen-views-tabbar | 2024-08-04 | 5.4 Medium |
| Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | ||||
| CVE-2020-2291 | 1 Jenkins | 1 Couchdb-statistics | 2024-08-04 | 3.3 Low |
| Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2020-2277 | 1 Jenkins | 1 Storable Configs | 2024-08-04 | 6.5 Medium |
| Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2185 | 1 Jenkins | 1 Amazon Ec2 | 2024-08-04 | 5.6 Medium |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | ||||
| CVE-2020-2273 | 1 Jenkins | 1 Elastest | 2024-08-04 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2020-2265 | 1 Jenkins | 1 Coverage\/complexity Scatter Plot | 2024-08-04 | 5.4 Medium |
| Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | ||||
| CVE-2020-2293 | 1 Jenkins | 1 Persona | 2024-08-04 | 6.5 Medium |
| Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2024-08-04 | 8.8 High |
| Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2024-08-04 | 5.4 Medium |
| Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | ||||
| CVE-2020-2267 | 1 Jenkins | 1 Mongodb | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2024-08-04 | 6.5 Medium |
| Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | ||||
| CVE-2020-2231 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | ||||
| CVE-2020-2260 | 1 Jenkins | 1 Perfecto | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
| CVE-2020-2141 | 1 Jenkins | 1 P4 | 2024-08-04 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. | ||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2024-08-04 | 7.5 High |
| Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | ||||