Filtered by vendor: Jenkins
Total: 1606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-08-04 | 6.5 Medium | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
CVE-2020-2202 | 1 Jenkins | 1 Fortify On Demand | 2024-08-04 | 4.3 Medium | A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2197 | 1 Jenkins | 1 Project Inheritance | 2024-08-04 | 4.3 Medium | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
CVE-2020-2155 | 1 Jenkins | 1 Openshift Deployer | 2024-08-04 | 5.3 Medium | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-08-04 | 4.3 Medium | A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using an attacker-specified username and password.
CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2024-08-04 | 8.8 High | Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVE-2020-2135 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-04 | 8.8 High | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
CVE-2020-2223 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not correctly escape the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2147 | 1 Jenkins | 1 Mac | 2024-08-04 | 4.3 Medium | A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
CVE-2020-2128 | 1 Jenkins | 1 Ecx Copy Data Management | 2024-08-04 | 4.3 Medium | Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-2194 | 1 Jenkins | 1 Echarts Api | 2024-08-04 | 5.4 Medium | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-08-04 | 8.8 High | Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
CVE-2020-2146 | 1 Jenkins | 1 Mac | 2024-08-04 | 7.4 High | Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
CVE-2020-2221 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2201 | 1 Jenkins | 1 Sonargraph Integration | 2024-08-04 | 5.4 Medium | Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2195 | 1 Jenkins | 1 Compact Columns | 2024-08-04 | 5.4 Medium | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
CVE-2020-2214 | 1 Jenkins | 1 Zap Pipeline | 2024-08-04 | 5.4 Medium | Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2020-2183 | 1 Jenkins | 1 Copy Artifact | 2024-08-04 | 6.5 Medium | Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2024-08-04 | 4.3 Medium | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2024-08-04 | 6.1 Medium | Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.