Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2252 | 1 Jenkins | 1 Mailer | 2023-10-25 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2251 | 1 Jenkins | 2 Jenkins, Soapui Pro Functional Testing | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2020-2249 | 1 Jenkins | 1 Team Foundation Server | 2023-10-25 | 2.1 LOW | 3.3 LOW |
| Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2023-10-25 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2023-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | |||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2237 | 1 Jenkins | 1 Flaky Test Handler | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | |||||
| CVE-2020-2235 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2020-2234 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | |||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | |||||
| CVE-2020-2227 | 1 Jenkins | 1 Deployer Framework | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2226 | 1 Jenkins | 1 Matrix Authorization Strategy | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2225 | 1 Jenkins | 1 Matrix Project | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2224 | 1 Jenkins | 1 Matrix Project | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2020-2223 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. | |||||