Filtered by vendor Jenkins
Subscribe
Total
1702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2269 | 1 Jenkins | 1 Chosen-views-tabbar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | |||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | |||||
| CVE-2020-2267 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | |||||
| CVE-2020-2266 | 1 Jenkins | 1 Description Column | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2265 | 1 Jenkins | 1 Coverage\/complexity Scatter Plot | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
| CVE-2020-2264 | 1 Jenkins | 1 Custom Job Icon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2263 | 1 Jenkins | 1 Radiator View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2262 | 1 Jenkins | 1 Android Lint | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | |||||
| CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller | |||||
| CVE-2020-2260 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | |||||
| CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
| CVE-2020-2258 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | |||||
| CVE-2020-2257 | 1 Jenkins | 1 Validating String Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2256 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2255 | 1 Jenkins | 1 Blue Ocean | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
| CVE-2020-2254 | 1 Jenkins | 1 Blue Ocean | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2020-2253 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2252 | 1 Jenkins | 1 Mailer | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
| CVE-2020-2251 | 1 Jenkins | 2 Jenkins, Soapui Pro Functional Testing | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | |||||