Filtered by vendor Jenkins
Total: 1606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-2133 | 1 Jenkins | 1 Applatix | 2024-08-04 | 6.5 Medium |
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2020-2105 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium |
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | ||||
CVE-2020-2156 | 1 Jenkins | 1 Deployhub | 2024-08-04 | 4.3 Medium |
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2024-08-04 | 5.3 Medium |
Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2024-08-04 | 5.3 Medium |
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2020-2134 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-04 | 8.8 High |
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | ||||
CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-08-04 | 5.5 Medium |
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | ||||
CVE-2020-2125 | 1 Jenkins | 1 Debian Package Builder | 2024-08-04 | 4.3 Medium |
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. | ||||
CVE-2020-2162 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 5.4 Medium |
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | ||||
CVE-2020-2118 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-08-04 | 4.3 Medium |
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
CVE-2020-2153 | 1 Jenkins | 1 Backlog | 2024-08-04 | 4.3 Medium |
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
CVE-2020-2123 | 1 Jenkins | 1 Radargun | 2024-08-04 | 8.8 High |
Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
CVE-2020-2171 | 1 Jenkins | 1 Rapiddeploy | 2024-08-04 | 8.8 High |
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2020-2122 | 1 Jenkins | 1 Brakeman | 2024-08-04 | 5.4 Medium |
Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. | ||||
CVE-2020-2115 | 1 Jenkins | 1 Nunit | 2024-08-04 | 8.8 High |
Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2020-2175 | 1 Jenkins | 1 Fitnesse | 2024-08-04 | 5.4 Medium |
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | ||||
CVE-2020-2117 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-08-04 | 4.3 Medium |
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2020-2132 | 1 Jenkins | 1 Parasoft Environment Manager | 2024-08-04 | 6.5 Medium |
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | ||||
CVE-2020-2149 | 1 Jenkins | 1 Repository Connector | 2024-08-04 | 5.3 Medium |
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
CVE-2020-2112 | 1 Jenkins | 1 Git Parameter | 2024-08-04 | 5.4 Medium |
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. |