| 199161 | 5.4 MEDIUM | Network | jenkins | chosen-views-tabbar | Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers … | CWE-79 Cross-site Scripting | CVE-2020-2269 | 2024-11-21 14:25 | 2020-09-16 |
| 199162 | 8.8 HIGH | Network | jenkins | mongodb | A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | CWE-352 Origin Validation Error | CVE-2020-2268 | 2024-11-21 14:25 | 2020-09-16 |
| 199163 | 4.3 MEDIUM | Network | jenkins | mongodb | A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | CWE-862 Missing Authorization | CVE-2020-2267 | 2024-11-21 14:25 | 2020-09-16 |
| 199164 | 5.4 MEDIUM | Network | jenkins | description_column | Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi… | CWE-79 Cross-site Scripting | CVE-2020-2266 | 2024-11-21 14:25 | 2020-09-16 |
| 199165 | 5.4 MEDIUM | Network | jenkins | coverage/complexity_scatter_plot | Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by att… | CWE-79 Cross-site Scripting | CVE-2020-2265 | 2024-11-21 14:25 | 2020-09-16 |
| 199166 | 5.4 MEDIUM | Network | jenkins | custom_job_icon | Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Confi… | CWE-79 Cross-site Scripting | CVE-2020-2264 | 2024-11-21 14:25 | 2020-09-16 |
| 199167 | 5.4 MEDIUM | Network | jenkins | radiator_view | Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/C… | CWE-79 Cross-site Scripting | CVE-2020-2263 | 2024-11-21 14:25 | 2020-09-16 |
| 199168 | 5.4 MEDIUM | Network | jenkins | android_lint | Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide… | CWE-79 Cross-site Scripting | CVE-2020-2262 | 2024-11-21 14:25 | 2020-09-16 |
| 199169 | 8.8 HIGH | Network | jenkins | perfecto | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. | CWE-78 OS Command | CVE-2020-2261 | 2024-11-21 14:25 | 2020-09-16 |
| 199170 | 4.3 MEDIUM | Network | jenkins | perfecto | A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | CWE-862 Missing Authorization | CVE-2020-2260 | 2024-11-21 14:25 | 2020-09-16 |