|
199451
|
4.3 |
MEDIUM
Network
|
jenkins
|
current_versions_systems
|
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
|
CWE-352
Origin Validation Error
|
CVE-2020-2184
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199452
|
6.5 |
MEDIUM
Network
|
jenkins
|
copy_artifact
|
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2183
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199453
|
4.3 |
MEDIUM
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2182
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199454
|
6.5 |
MEDIUM
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2181
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199455
|
8.8 |
HIGH
Network
|
jenkins
|
amazon_web_services_serverless_application_model
|
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2180
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199456
|
8.8 |
HIGH
Network
|
jenkins
|
yaml_axis
|
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2179
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199457
|
7.1 |
HIGH
Network
|
jenkins
|
parasoft_findings
|
Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2020-2178
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199458
|
4.3 |
MEDIUM
Network
|
jenkins
|
copr
|
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the mast…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-2177
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199459
|
5.4 |
MEDIUM
Network
|
jenkins
|
usemango_runner
|
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability e…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2176
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199460
|
5.4 |
MEDIUM
Network
|
jenkins
|
fitnesse
|
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2175
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
