|
199031
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2231
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199032
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Ov…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2230
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199033
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2229
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199034
|
8.8 |
HIGH
Network
|
jenkins
|
gitlab_authentication
|
Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2228
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199035
|
5.4 |
MEDIUM
Network
|
jenkins
|
deployer_framework
|
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2227
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199036
|
5.4 |
MEDIUM
Network
|
jenkins
|
matrix_authorization_strategy
|
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2226
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199037
|
5.4 |
MEDIUM
Network
|
jenkins
|
matrix_project
|
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerabi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2225
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199038
|
5.4 |
MEDIUM
Network
|
jenkins
|
matrix_project
|
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerabi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2224
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199039
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scr…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2223
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199040
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2222
|
2024-11-21 14:25 |
2020-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
