Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2210 | 1 Jenkins | 1 Stash Branch Parameter | 2024-08-04 | 4.3 Medium |
| Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2286 | 1 Jenkins | 1 Role-based Authorization Strategy | 2024-08-04 | 8.8 High |
| Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration. | ||||
| CVE-2020-2254 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-08-04 | 6.5 Medium |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | ||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2024-08-04 | 6.1 Medium |
| Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2024-08-04 | 6.5 Medium |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2282 | 1 Jenkins | 1 Implied Labels | 2024-08-04 | 4.3 Medium |
| Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | ||||
| CVE-2020-2290 | 1 Jenkins | 1 Active Choices | 2024-08-04 | 5.4 Medium |
| Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2020-2207 | 1 Jenkins | 1 Vncviewer | 2024-08-04 | 6.1 Medium |
| Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-2167 | 2 Jenkins, Redhat | 2 Openshift Pipeline, Openshift | 2024-08-04 | 8.8 High |
| Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2243 | 1 Jenkins | 1 Cadence Vmanager | 2024-08-04 | 5.4 Medium |
| Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | ||||
| CVE-2020-2204 | 1 Jenkins | 1 Fortify On Demand | 2024-08-04 | 5.4 Medium |
| A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | ||||
| CVE-2020-2206 | 1 Jenkins | 1 Vncrecorder | 2024-08-04 | 6.1 Medium |
| Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2020-2230 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | ||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-08-04 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2226 | 2 Jenkins, Redhat | 2 Matrix Authorization Strategy, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-08-04 | 8.8 High |
| Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | ||||
| CVE-2020-2173 | 1 Jenkins | 1 Gatling | 2024-08-04 | 5.4 Medium |
| Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | ||||
| CVE-2020-2224 | 2 Jenkins, Redhat | 2 Matrix Project, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2266 | 1 Jenkins | 1 Description Column | 2024-08-04 | 5.4 Medium |
| Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2024-08-04 | 6.5 Medium |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | ||||