|
199021
|
8.8 |
HIGH
Network
|
jenkins
|
database
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.
|
CWE-352
Origin Validation Error
|
CVE-2020-2241
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199022
|
8.8 |
HIGH
Network
|
jenkins
|
database
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.
|
CWE-352
Origin Validation Error
|
CVE-2020-2240
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199023
|
4.3 |
MEDIUM
Network
|
jenkins
|
parameterized_remote_trigger
|
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-2239
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199024
|
5.4 |
MEDIUM
Network
|
jenkins
|
git_parameter
|
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2238
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199025
|
4.3 |
MEDIUM
Network
|
jenkins
|
flaky_test_handler
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
|
CWE-352
Origin Validation Error
|
CVE-2020-2237
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199026
|
5.4 |
MEDIUM
Network
|
jenkins
|
yet_another_build_visualizer
|
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2236
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199027
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified…
|
CWE-352
Origin Validation Error
|
CVE-2020-2235
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199028
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified c…
|
CWE-862
Missing Authorization
|
CVE-2020-2234
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199029
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2233
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199030
|
7.5 |
HIGH
Network
|
jenkins
|
email_extension
|
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2232
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
