OpenCVE

Filtered by vendor Jenkins Subscriptions

Total 1612 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-2199	1 Jenkins	1 Subversion Partial Release Manager	2024-11-21	6.1 Medium
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
CVE-2020-2198	1 Jenkins	1 Project Inheritance	2024-11-21	6.5 Medium
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
CVE-2020-2197	1 Jenkins	1 Project Inheritance	2024-11-21	4.3 Medium
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
CVE-2020-2196	1 Jenkins	1 Selenium	2024-11-21	8.0 High
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
CVE-2020-2195	1 Jenkins	1 Compact Columns	2024-11-21	5.4 Medium
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
CVE-2020-2194	1 Jenkins	1 Echarts Api	2024-11-21	5.4 Medium
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2193	1 Jenkins	1 Echarts Api	2024-11-21	5.4 Medium
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2192	1 Jenkins	1 Self-organizing Swarm Modules	2024-11-21	6.5 Medium
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
CVE-2020-2191	1 Jenkins	1 Self-organizing Swarm Modules	2024-11-21	4.3 Medium
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
CVE-2020-2190	2 Jenkins, Redhat	2 Script Security, Openshift	2024-11-21	5.4 Medium
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
CVE-2020-2189	1 Jenkins	1 Source Code Management Filter Jervis	2024-11-21	8.8 High
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVE-2020-2188	1 Jenkins	1 Amazon Ec2	2024-11-21	4.3 Medium
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2020-2187	1 Jenkins	1 Amazon Ec2	2024-11-21	5.6 Medium
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
CVE-2020-2186	1 Jenkins	1 Amazon Ec2	2024-11-21	4.3 Medium
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
CVE-2020-2185	1 Jenkins	1 Amazon Ec2	2024-11-21	5.6 Medium
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
CVE-2020-2184	1 Jenkins	1 Current Versions Systems	2024-11-21	4.3 Medium
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
CVE-2020-2183	1 Jenkins	1 Copy Artifact	2024-11-21	6.5 Medium
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
CVE-2020-2182	2 Jenkins, Redhat	2 Credentials Binding, Openshift	2024-11-21	4.3 Medium
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
CVE-2020-2181	2 Jenkins, Redhat	2 Credentials Binding, Openshift	2024-11-21	6.5 Medium
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
CVE-2020-2180	1 Jenkins	1 Amazon Web Services Serverless Application Model	2024-11-21	8.8 High
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

« first previous Page 45 of 81. next last »