|
198991
|
5.4 |
MEDIUM
Network
|
jenkins
|
locked_files_report
|
Jenkins Locked Files Report Plugin 1.6 and earlier does not escape locked files' names in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Co…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2271
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198992
|
5.4 |
MEDIUM
Network
|
jenkins
|
clearcase_release
|
Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2270
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198993
|
5.4 |
MEDIUM
Network
|
jenkins
|
chosen-views-tabbar
|
Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2269
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198994
|
8.8 |
HIGH
Network
|
jenkins
|
mongodb
|
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
|
CWE-352
Origin Validation Error
|
CVE-2020-2268
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198995
|
4.3 |
MEDIUM
Network
|
jenkins
|
mongodb
|
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
|
CWE-862
Missing Authorization
|
CVE-2020-2267
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198996
|
5.4 |
MEDIUM
Network
|
jenkins
|
description_column
|
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2266
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198997
|
5.4 |
MEDIUM
Network
|
jenkins
|
coverage\/complexity_scatter_plot
|
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by att…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2265
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198998
|
5.4 |
MEDIUM
Network
|
jenkins
|
custom_job_icon
|
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Confi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2264
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198999
|
5.4 |
MEDIUM
Network
|
jenkins
|
radiator_view
|
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/C…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2263
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199000
|
5.4 |
MEDIUM
Network
|
jenkins
|
android_lint
|
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2262
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
