|
199641
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2162
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199642
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored X…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2161
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199643
|
8.8 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
|
CWE-352
Origin Validation Error
|
CVE-2020-2160
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199644
|
8.8 |
HIGH
Network
|
jenkins
|
cryptomove
|
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.
|
CWE-78
OS Command
|
CVE-2020-2159
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199645
|
8.8 |
HIGH
Network
|
jenkins
|
literate
|
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2158
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199646
|
4.3 |
MEDIUM
Network
|
jenkins
|
skytap_cloud_ci
|
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2157
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199647
|
4.3 |
MEDIUM
Network
|
jenkins
|
deployhub
|
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2156
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199648
|
5.3 |
MEDIUM
Network
|
jenkins
|
openshift_deployer
|
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2155
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199649
|
5.5 |
MEDIUM
Local
|
jenkins
|
zephyr_for_jira_test_management
|
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-2154
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199650
|
4.3 |
MEDIUM
Network
|
jenkins
|
backlog
|
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2153
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
