|
199461
|
6.1 |
MEDIUM
Network
|
jenkins
|
awseb_deployment
|
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2174
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199462
|
5.4 |
MEDIUM
Network
|
jenkins
|
gatling
|
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2173
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199463
|
6.5 |
MEDIUM
Network
|
jenkins
|
code_coverage_api
|
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-776
XML Entity Expansion
|
CVE-2020-2172
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199464
|
8.8 |
HIGH
Network
|
jenkins
|
rapiddeploy
|
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2020-2171
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199465
|
5.4 |
MEDIUM
Network
|
jenkins
|
rapiddeploy
|
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2170
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199466
|
6.1 |
MEDIUM
Network
|
jenkins
|
queue_cleanup
|
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2169
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199467
|
8.8 |
HIGH
Network
|
jenkins
|
azure_container_service
|
Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-20
Improper Input Validation
|
CVE-2020-2168
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199468
|
8.8 |
HIGH
Network
|
jenkins
|
openshift_pipeline
|
Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-20
Improper Input Validation
|
CVE-2020-2167
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199469
|
8.8 |
HIGH
Network
|
jenkins
|
pipeline\
|
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-20
Improper Input Validation
|
CVE-2020-2166
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199470
|
7.5 |
HIGH
Network
|
jfrog
|
artifactory
|
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2165
|
2024-11-21 14:24 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
