Vulnerabilities (CVE)

Filtered by CWE-862
Total 2747 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21625 1 Jenkins 1 Cloudbees Aws Credentials 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some circumstances.
CVE-2020-2323 1 Netflix 1 Chaos Monkey 2023-10-25 5.0 MEDIUM 5.3 MEDIUM
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.
CVE-2020-2322 1 Netflix 1 Chaos Monkey 2023-10-25 5.0 MEDIUM 7.5 HIGH
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.
CVE-2020-2302 1 Jenkins 1 Active Directory 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
CVE-2020-2285 1 Jenkins 1 Liquibase Runner 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2282 1 Jenkins 1 Implied Labels 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.
CVE-2020-2272 1 Jenkins 1 Elastest 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2020-2267 1 Jenkins 1 Mongodb 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
CVE-2020-2260 1 Jenkins 1 Perfecto 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
CVE-2020-2255 1 Jenkins 1 Blue Ocean 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVE-2020-2242 1 Jenkins 1 Database 2023-10-25 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.
CVE-2020-2234 1 Jenkins 1 Pipeline Maven Integration 2023-10-25 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
CVE-2020-2216 1 Jenkins 1 Zephyr For Jira Test Management 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
CVE-2020-2204 1 Jenkins 1 Fortify On Demand 2023-10-25 5.5 MEDIUM 5.4 MEDIUM
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
CVE-2020-2202 1 Jenkins 1 Fortify On Demand 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVE-2020-2142 1 Jenkins 1 P4 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.
CVE-2020-2094 1 Jenkins 1 Health Advisor By Cloudbees 2023-10-25 4.0 MEDIUM 4.3 MEDIUM
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.
CVE-2020-2091 1 Jenkins 1 Amazon Ec2 2023-10-25 5.5 MEDIUM 8.1 HIGH
A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method.
CVE-2019-16576 1 Jenkins 1 Alauda Kubernetes Support 2023-10-25 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.
CVE-2019-16574 1 Jenkins 1 Alauda Devops Pipeline 2023-10-25 4.0 MEDIUM 6.5 MEDIUM
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.