Filtered by vendor Jenkins
Subscriptions
Total
1612 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 8.8 High |
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | ||||
CVE-2020-2260 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2024-11-21 | 5.4 Medium |
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | ||||
CVE-2020-2258 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-11-21 | 4.3 Medium |
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | ||||
CVE-2020-2257 | 1 Jenkins | 1 Validating String Parameter | 2024-11-21 | 5.4 Medium |
Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
CVE-2020-2256 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 5.4 Medium |
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
CVE-2020-2255 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
CVE-2020-2254 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-11-21 | 6.5 Medium |
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | ||||
CVE-2020-2253 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 4.8 Medium |
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | ||||
CVE-2020-2252 | 2 Jenkins, Redhat | 2 Mailer, Openshift | 2024-11-21 | 4.8 Medium |
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | ||||
CVE-2020-2251 | 1 Jenkins | 2 Jenkins, Soapui Pro Functional Testing | 2024-11-21 | 4.3 Medium |
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2024-11-21 | 6.5 Medium |
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | ||||
CVE-2020-2249 | 1 Jenkins | 1 Team Foundation Server | 2024-11-21 | 3.3 Low |
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | ||||
CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2024-11-21 | 6.1 Medium |
Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | ||||
CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2024-11-21 | 6.5 Medium |
Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 5.4 Medium |
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | ||||
CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 7.1 High |
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 5.4 Medium |
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | ||||
CVE-2020-2243 | 1 Jenkins | 1 Cadence Vmanager | 2024-11-21 | 5.4 Medium |
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | ||||
CVE-2020-2242 | 1 Jenkins | 1 Database | 2024-11-21 | 6.5 Medium |
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. |