Filtered by vendor Jenkins
Subscriptions
Total
1606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2205 | 1 Jenkins | 1 Vncrecorder | 2024-08-04 | 4.8 Medium |
| Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. | ||||
| CVE-2020-2139 | 1 Jenkins | 1 Cobertura | 2024-08-04 | 6.5 Medium |
| An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | ||||
| CVE-2020-2196 | 1 Jenkins | 1 Selenium | 2024-08-04 | 8.0 High |
| Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | ||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2024-08-04 | 8.8 High |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2172 | 1 Jenkins | 1 Code Coverage Api | 2024-08-04 | 6.5 Medium |
| Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2191 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-08-04 | 4.3 Medium |
| Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | ||||
| CVE-2020-2161 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | ||||
| CVE-2020-2182 | 2 Jenkins, Redhat | 2 Credentials Binding, Openshift | 2024-08-04 | 4.3 Medium |
| Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. | ||||
| CVE-2020-2192 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-08-04 | 6.5 Medium |
| A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | ||||
| CVE-2020-2178 | 1 Jenkins | 1 Parasoft Findings | 2024-08-04 | 7.1 High |
| Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2024-08-04 | 8.8 High |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2186 | 1 Jenkins | 1 Amazon Ec2 | 2024-08-04 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | ||||
| CVE-2020-2188 | 1 Jenkins | 1 Amazon Ec2 | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2142 | 1 Jenkins | 1 P4 | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. | ||||
| CVE-2020-2187 | 1 Jenkins | 1 Amazon Ec2 | 2024-08-04 | 5.6 Medium |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | ||||
| CVE-2020-2148 | 1 Jenkins | 1 Mac | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | ||||
| CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2024-08-04 | 8.8 High |
| Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | ||||
| CVE-2020-2130 | 1 Jenkins | 1 Harvest Scm | 2024-08-04 | 6.5 Medium |
| Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | ||||
| CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2024-08-04 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | ||||
| CVE-2020-2181 | 2 Jenkins, Redhat | 2 Credentials Binding, Openshift | 2024-08-04 | 6.5 Medium |
| Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | ||||