|
199281
|
8.8 |
HIGH
Network
|
jenkins
|
literate
|
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2158
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199282
|
4.3 |
MEDIUM
Network
|
jenkins
|
skytap_cloud_ci
|
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2157
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199283
|
4.3 |
MEDIUM
Network
|
jenkins
|
deployhub
|
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2156
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199284
|
5.3 |
MEDIUM
Network
|
jenkins
|
openshift_deployer
|
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2155
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199285
|
5.5 |
MEDIUM
Local
|
jenkins
|
zephyr_for_jira_test_management
|
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-2154
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199286
|
4.3 |
MEDIUM
Network
|
jenkins
|
backlog
|
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2153
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199287
|
6.1 |
MEDIUM
Network
|
jenkins
|
subversion_release_manager
|
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2152
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199288
|
5.3 |
MEDIUM
Network
|
jenkins
|
quality_gates
|
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2151
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199289
|
5.3 |
MEDIUM
Network
|
jenkins
|
sonar_quality_gates
|
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2150
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199290
|
5.3 |
MEDIUM
Network
|
jenkins
|
repository_connector
|
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2149
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
