|
200631
|
5.4 |
MEDIUM
Network
|
jenkins
|
build_failure_analyzer
|
Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2244
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200632
|
5.4 |
MEDIUM
Network
|
jenkins
|
cadence_vmanager
|
Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Upda…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2243
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200633
|
6.5 |
MEDIUM
Network
|
jenkins
|
database
|
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified…
|
CWE-862
Missing Authorization
|
CVE-2020-2242
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200634
|
8.8 |
HIGH
Network
|
jenkins
|
database
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.
|
CWE-352
Origin Validation Error
|
CVE-2020-2241
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200635
|
8.8 |
HIGH
Network
|
jenkins
|
database
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.
|
CWE-352
Origin Validation Error
|
CVE-2020-2240
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200636
|
4.3 |
MEDIUM
Network
|
jenkins
|
parameterized_remote_trigger
|
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-2239
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200637
|
5.4 |
MEDIUM
Network
|
jenkins
|
git_parameter
|
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2238
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200638
|
4.3 |
MEDIUM
Network
|
jenkins
|
flaky_test_handler
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
|
CWE-352
Origin Validation Error
|
CVE-2020-2237
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200639
|
5.4 |
MEDIUM
Network
|
jenkins
|
yet_another_build_visualizer
|
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2236
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200640
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified…
|
CWE-352
Origin Validation Error
|
CVE-2020-2235
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
