Filtered by vendor Jenkins
Total: 1606 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2020-2279 | Jenkins | Script Security | 2024-08-04 | 9.9 Critical | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. |
| CVE-2020-2244 | Jenkins | Build Failure Analyzer | 2024-08-04 | 5.4 Medium | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. |
| CVE-2020-2257 | Jenkins | Validating String Parameter | 2024-08-04 | 5.4 Medium | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2020-2241 | Jenkins | Database | 2024-08-04 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. |
| CVE-2020-2229 | Jenkins, Red Hat | Jenkins, OpenShift | 2024-08-04 | 5.4 Medium | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-2198 | Jenkins | Project Inheritance | 2024-08-04 | 6.5 Medium | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. |
| CVE-2020-2203 | Jenkins | Fortify On Demand | 2024-08-04 | 4.3 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. |
| CVE-2020-2199 | Jenkins | Subversion Partial Release Manager | 2024-08-04 | 6.1 Medium | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2193 | Jenkins | ECharts API | 2024-08-04 | 5.4 Medium | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-2252 | Jenkins, Red Hat | Mailer, OpenShift | 2024-08-04 | 4.8 Medium | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. |
| CVE-2020-2208 | Jenkins | Slack Upload | 2024-08-04 | 4.3 Medium | Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2234 | Jenkins | Pipeline Maven Integration | 2024-08-04 | 6.5 Medium | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. |
| CVE-2020-2189 | Jenkins | SCM Filter Jervis | 2024-08-04 | 8.8 High | Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2222 | Jenkins, Red Hat | Jenkins, OpenShift | 2024-08-04 | 5.4 Medium | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-2240 | Jenkins | Database | 2024-08-04 | 8.8 High | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. |
| CVE-2020-2219 | Jenkins | Link Column | 2024-08-04 | 5.4 Medium | Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-2119 | Jenkins | Azure AD | 2024-08-04 | 5.3 Medium | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2211 | Jenkins | Kubernetes CI | 2024-08-04 | 8.8 High | Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2157 | Jenkins | Skytap Cloud CI | 2024-08-04 | 4.3 Medium | Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2177 | Jenkins | Copr | 2024-08-04 | 4.3 Medium | Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
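The two "does not configure its YAML parser to prevent the instantiation of arbitrary types" entries (CVE-2020-2189, SCM Filter Jervis; CVE-2020-2211, ElasticBox Kubernetes CI/CD) describe the same defect: SnakeYAML's default `Yaml()` resolves `!!fully.qualified.Name` tags by reflection and constructs whatever class the document names. The following is an added example, not code from either plugin, showing the weak setting beside the corrected one. It assumes SnakeYAML 1.x on the classpath (the line those plugins bundled in 2020); the document text, `HOSTILE_DOC`, is constructed, and the harmless `java.io.File` stands in for the gadget classes a real payload would name.

```java
import java.util.Map;

import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.ConstructorException;
import org.yaml.snakeyaml.constructor.SafeConstructor;

public class YamlTagDemo {

    // Constructed input in the shape of a repository-side YAML file such a plugin
    // parses. The "!!" global tag names a JVM class; java.io.File is harmless and
    // only demonstrates that the parser instantiates arbitrary classes on request.
    static final String HOSTILE_DOC =
        "language: java\n" +
        "repo: !!java.io.File [\"/etc/passwd\"]\n";

    // Weak shape: new Yaml() uses Constructor, which loads the class named by the tag
    // and calls a constructor whose arity and argument types match the node's values.
    static Object parseUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    // Hardened shape: SafeConstructor knows only the core YAML types (map, seq, str,
    // int, bool, ...). Any other tag aborts parsing before any object is built.
    static Object parseSafe(String yaml) {
        return new Yaml(new SafeConstructor()).load(yaml);
    }

    public static void main(String[] args) {
        Map<?, ?> unsafe = (Map<?, ?>) parseUnsafe(HOSTILE_DOC);
        // The File object already exists before the plugin looks at the data.
        System.out.println("unsafe: repo is " + unsafe.get("repo").getClass().getName());

        try {
            parseSafe(HOSTILE_DOC);
            System.out.println("safe: unexpected success");
        } catch (ConstructorException e) {
            System.out.println("safe: rejected -> " + e.getMessage());
        }
    }
}
```

On SnakeYAML 2.x the no-argument `SafeConstructor()` was removed in favour of `SafeConstructor(new LoaderOptions())`, and the default `Yaml()` already denies global tags unless a `TagInspector` allows them; the fix for a plugin is still to construct the parser with `SafeConstructor` so the restriction does not depend on which library version ends up on the classpath.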
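Several entries share one root cause on the Jenkins side: a descriptor "test connection" or form-validation method that is reachable with a plain GET and performs no permission check (CVE-2020-2241 and CVE-2020-2240 in the database plugin, CVE-2020-2203 in Fortify on Demand, CVE-2020-2234 in Pipeline Maven Integration), and, for CVE-2020-2199 and CVE-2020-2244, a validation response that echoes user input without escaping. The following is an added example, not code from any of those plugins, of that descriptor method in its exposed and hardened forms. It compiles inside a Jenkins plugin project against the core API; `Connector` and the descriptor class are hypothetical stand-ins.

```java
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

public class DbConnectionDescriptorExample extends BuildStepDescriptor<Builder> {

    @Override
    public boolean isApplicable(Class<? extends AbstractProject> jobType) {
        return true;
    }

    // Exposed shape. Stapler routes this to
    //   /descriptorByName/<this class>/checkConnectionUnsafe?url=...&user=...&password=...
    // for any HTTP method. Without a POST requirement no CSRF crumb is demanded, so a
    // logged-in victim's browser can be made to issue it; without a permission check
    // anyone with Overall/Read can make the controller connect to a server and
    // credentials of their choosing.
    public FormValidation doCheckConnectionUnsafe(@QueryParameter String url,
                                                  @QueryParameter String user,
                                                  @QueryParameter String password) {
        return connectAndReport(url, user, password);
    }

    // Hardened shape. @POST rejects GET, which makes Jenkins enforce the crumb and
    // defeats CSRF; the permission check ties the action to the item being configured
    // (or to Overall/Administer when called from the global configuration page).
    @POST
    public FormValidation doCheckConnection(@AncestorInPath Item item,
                                            @QueryParameter String url,
                                            @QueryParameter String user,
                                            @QueryParameter String password) {
        if (item == null) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        } else {
            item.checkPermission(Item.CONFIGURE);
        }
        return connectAndReport(url, user, password);
    }

    private FormValidation connectAndReport(String url, String user, String password) {
        try {
            Connector.connect(url, user, password);
            return FormValidation.ok("Connected");
        } catch (Exception e) {
            // FormValidation.error(String) HTML-escapes its argument, so echoing the
            // user-supplied URL is safe here. errorWithMarkup(String) does not escape
            // and is the shape behind the reflected-XSS entries in the table.
            return FormValidation.error("Could not connect to " + url + ": " + e.getMessage());
        }
    }

    // Hypothetical stand-in for the real client so the example compiles on its own.
    static final class Connector {
        static void connect(String url, String user, String password) throws Exception {
            if (!url.startsWith("jdbc:")) {
                throw new IllegalArgumentException("not a JDBC URL");
            }
        }
    }
}
```

When the form passes a `credentialsId` instead of a raw user and password (the Fortify on Demand and Pipeline Maven Integration entries), the same two checks apply, and the method should additionally refuse to resolve the ID unless the caller holds `CredentialsProvider.USE_ITEM` on the item; otherwise a user who can guess or enumerate an ID can point stored credentials at a server they control.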
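The "stores a secret unencrypted in job config.xml" entries (CVE-2020-2208, Slack Upload; CVE-2020-2177, Copr) and the "transmits configured credentials in plain text as part of the configuration form" entries (CVE-2020-2119, Azure AD; CVE-2020-2157, Skytap Cloud CI) are two symptoms of holding a secret in a plain `String` field. The following is an added example, not code from any of those plugins, of a build step that persists the secret as `hudson.util.Secret` and migrates configurations saved by the earlier shape. It compiles inside a Jenkins plugin project; the class and field names are hypothetical.

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.Secret;
import org.kohsuke.stapler.DataBoundConstructor;

public class UploadTokenBuilderExample extends Builder {

    // Earlier shape: XStream writes a String as <token>the-plain-value</token> into the
    // job's config.xml (readable with Extended Read or file-system access), and a
    // plain <f:textbox> echoes it back into the job configuration form as-is. The field
    // is kept, non-transient so XStream still reads it, only so that old config.xml
    // files load; readResolve() nulls it, and XStream omits null fields on the next save.
    @Deprecated
    private String token;

    // Hardened shape: Secret persists as its encrypted form (Secret.ConverterImpl), and
    // bound through <f:password field="secretToken"/> in config.jelly the form carries
    // the encrypted value rather than the plaintext.
    private Secret secretToken;

    @DataBoundConstructor
    public UploadTokenBuilderExample(Secret secretToken) {
        this.secretToken = secretToken;
    }

    // Getter used by the Jelly form binding; returns the Secret, never a String.
    public Secret getSecretToken() {
        return secretToken;
    }

    // XStream calls readResolve() after deserializing an instance. A config.xml written
    // by the earlier shape still carries <token>; wrap it and drop the plain copy so it
    // is never written back.
    protected Object readResolve() {
        if (token != null) {
            secretToken = Secret.fromString(token);
            token = null;
        }
        return this;
    }

    // Unwrap only at the moment of use inside the build step, never for display.
    String tokenForUpload() {
        return Secret.toString(secretToken);
    }

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }
    }
}
```

A quick check after upgrading a plugin that shipped such a fix: open the job's `config.xml` on the controller and confirm the element now holds the `{AQAAABAAAA...}`-style encrypted value rather than the secret itself; if the plain element is still present, the job has not yet been re-saved since the migration ran.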