Filtered by vendor Jenkins
Subscribe
Total
1608 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2198 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. | |||||
| CVE-2020-2197 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | |||||
| CVE-2020-2196 | 1 Jenkins | 1 Selenium | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | |||||
| CVE-2020-2195 | 1 Jenkins | 1 Compact Columns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | |||||
| CVE-2020-2194 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2193 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2192 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | |||||
| CVE-2020-2191 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | |||||
| CVE-2020-2190 | 1 Jenkins | 1 Script Security | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-2188 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2020-2187 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | |||||
| CVE-2020-2186 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | |||||
| CVE-2020-2185 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | |||||
| CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | |||||
| CVE-2020-2183 | 1 Jenkins | 1 Copy Artifact | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | |||||
| CVE-2020-2182 | 1 Jenkins | 1 Credentials Binding | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. | |||||
| CVE-2020-2181 | 1 Jenkins | 1 Credentials Binding | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. | |||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||