Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-2264 | 1 Jenkins | 1 Custom Job Icon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2020-2263 | 1 Jenkins | 1 Radiator View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2020-2262 | 1 Jenkins | 1 Android Lint | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. |
| CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. |
| CVE-2020-2257 | 1 Jenkins | 1 Validating String Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2020-2256 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. |
| CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. |
| CVE-2020-2243 | 1 Jenkins | 1 Cadence Vmanager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. |
| CVE-2020-2238 | 1 Jenkins | 1 Git Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2020-2236 | 1 Jenkins | 1 Yet Another Build Visualizer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. |
| CVE-2020-2231 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. |
| CVE-2020-2230 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. |
| CVE-2020-2229 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2226 | 1 Jenkins | 1 Matrix Authorization Strategy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2225 | 1 Jenkins | 1 Matrix Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2224 | 1 Jenkins | 1 Matrix Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2223 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2222 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2221 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2220 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2219 | 1 Jenkins | 1 Link Column | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2217 | 1 Praqma | 1 Compatibility Action Storage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2214 | 1 Jenkins | 1 Zap Pipeline | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. |
| CVE-2020-2207 | 1 Jenkins | 1 Vncviewer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2206 | 1 Jenkins | 1 Vncrecorder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2205 | 1 Jenkins | 1 Vncrecorder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. |
| CVE-2020-2201 | 1 Jenkins | 1 Sonargraph Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2199 | 1 Jenkins | 1 Subversion Partial Release Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2020-2195 | 1 Jenkins | 1 Compact Columns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. |
| CVE-2020-2194 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2193 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2190 | 1 Jenkins | 1 Script Security | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2176 | 1 Jenkins | 1 Usemango Runner | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. |
| CVE-2020-2175 | 1 Jenkins | 1 Fitnesse | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. |
| CVE-2020-2174 | 1 Jenkins | 1 Awseb Deployment | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2020-2173 | 1 Jenkins | 1 Gatling | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. |
| CVE-2020-2170 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. |