|
199001
|
8.8 |
HIGH
Network
|
jenkins
|
perfecto
|
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
|
CWE-78
OS Command
|
CVE-2020-2261
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199002
|
4.3 |
MEDIUM
Network
|
jenkins
|
perfecto
|
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
|
CWE-862
Missing Authorization
|
CVE-2020-2260
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199003
|
5.4 |
MEDIUM
Network
|
jenkins
|
computer_queue
|
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Con…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2259
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199004
|
4.3 |
MEDIUM
Network
|
jenkins
|
health_advisor_by_cloudbees
|
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpo…
|
CWE-863
Incorrect Authorization
|
CVE-2020-2258
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199005
|
5.4 |
MEDIUM
Network
|
jenkins
|
validating_string_parameter
|
Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2257
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199006
|
5.4 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2256
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199007
|
4.3 |
MEDIUM
Network
|
jenkins
|
blue_ocean
|
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
|
CWE-862
Missing Authorization
|
CVE-2020-2255
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199008
|
6.5 |
MEDIUM
Network
|
jenkins
|
blue_ocean
|
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Je…
|
CWE-22
Path Traversal
|
CVE-2020-2254
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199009
|
4.8 |
MEDIUM
Network
|
jenkins
|
email_extension
|
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-2253
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199010
|
4.8 |
MEDIUM
Network
|
jenkins
|
mailer
|
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-2252
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
