Filtered by vendor Jenkins
Subscribe
Total
1608 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | |||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2238 | 1 Jenkins | 1 Git Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | |||||
| CVE-2020-2236 | 1 Jenkins | 1 Yet Another Build Visualizer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | |||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2020-2234 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | |||||
| CVE-2020-2231 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | |||||
| CVE-2020-2230 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | |||||
| CVE-2020-2229 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | |||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | |||||
| CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2226 | 1 Jenkins | 1 Matrix Authorization Strategy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2225 | 1 Jenkins | 1 Matrix Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2224 | 1 Jenkins | 1 Matrix Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2223 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2222 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2221 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | |||||