|
199571
|
3.3 |
LOW
Local
|
jenkins
|
couchdb-statistics
|
Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2291
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199572
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2290
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199573
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2289
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199574
|
5.3 |
MEDIUM
Network
|
jenkins
|
audit_trail
|
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
|
-
|
CVE-2020-2288
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199575
|
5.3 |
MEDIUM
Network
|
jenkins
|
audit_trail
|
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attac…
|
-
|
CVE-2020-2287
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199576
|
8.8 |
HIGH
Network
|
jenkins
|
role-based_authorization_strategy
|
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an …
|
-
|
CVE-2020-2286
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199577
|
4.3 |
MEDIUM
Network
|
jenkins
|
liquibase_runner
|
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
CWE-862
Missing Authorization
|
CVE-2020-2285
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199578
|
7.1 |
HIGH
Network
|
jenkins
|
liquibase_runner
|
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2020-2284
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199579
|
5.4 |
MEDIUM
Network
|
jenkins
|
liquibase_runner
|
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset fil…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2283
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199580
|
4.3 |
MEDIUM
Network
|
jenkins
|
implied_labels
|
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.
|
CWE-862
Missing Authorization
|
CVE-2020-2282
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
