Filtered by vendor Jenkins
Subscribe
Total
1744 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2251 | 1 Jenkins | 2 Jenkins, Soapui Pro Functional Testing | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
|
|||||
| CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
|
|||||
| CVE-2020-2249 | 1 Jenkins | 1 Team Foundation Server | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
|
|||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
|||||
| CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.
|
|||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
|
Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
|||||
| CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications.
|
|||||
| CVE-2020-2243 | 1 Jenkins | 1 Cadence Vmanager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.
|
|||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.
|
|||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.
|
|||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.
|
|||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
|
|||||
| CVE-2020-2238 | 1 Jenkins | 1 Git Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
|
|||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
|
|||||
| CVE-2020-2236 | 1 Jenkins | 1 Yet Another Build Visualizer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission.
|
|||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
|
|||||
| CVE-2020-2234 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
|
|||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
|
|||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
|
|||||
| CVE-2020-2231 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
|
|||||
| CVE-2020-2230 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
|
|||||
| CVE-2020-2229 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
|
|||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
|
|||||
| CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2226 | 1 Jenkins | 1 Matrix Authorization Strategy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2225 | 1 Jenkins | 1 Matrix Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2224 | 1 Jenkins | 1 Matrix Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2223 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2222 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2221 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2220 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2219 | 1 Jenkins | 1 Link Column | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability.
|
|||||
| CVE-2020-2216 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
|
|||||
| CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
|
|||||
| CVE-2020-2214 | 1 Jenkins | 1 Zap Pipeline | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
|
|||||
| CVE-2020-2213 | 1 Jenkins | 1 White Source | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system.
|
|||||
| CVE-2020-2212 | 1 Jenkins | 1 Github Coverage Reporter | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.
|
|||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
|||||
| CVE-2020-2210 | 1 Jenkins | 1 Stash Branch Parameter | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
|||||