Total: 37093 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2205 | 1 Jenkins | 1 Vncrecorder | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators. | |||||
CVE-2020-2201 | 1 Jenkins | 1 Sonargraph Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2020-2199 | 1 Jenkins | 1 Subversion Partial Release Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
CVE-2020-2195 | 1 Jenkins | 1 Compact Columns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | |||||
CVE-2020-2194 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2020-2193 | 1 Jenkins | 1 Echarts Api | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2020-2190 | 1 Jenkins | 1 Script Security | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2020-2176 | 1 Jenkins | 1 Usemango Runner | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. | |||||
CVE-2020-2175 | 1 Jenkins | 1 Fitnesse | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | |||||
CVE-2020-2174 | 1 Jenkins | 1 Awseb Deployment | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | |||||
CVE-2020-2173 | 1 Jenkins | 1 Gatling | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | |||||
CVE-2020-2170 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. | |||||
CVE-2020-2169 | 1 Jenkins | 1 Queue Cleanup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. | |||||
CVE-2020-2163 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. | |||||
CVE-2020-2162 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | |||||
CVE-2020-2161 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | |||||
CVE-2020-2152 | 1 Jenkins | 1 Subversion Release Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
CVE-2020-2137 | 1 Jenkins | 1 Timestamper | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | |||||
CVE-2020-2136 | 1 Jenkins | 1 Git | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. |