|
199581
|
8.8 |
HIGH
Local
|
katacontainers fedoraproject
|
runtime fedora
|
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesy…
|
CWE-59
Link Following
|
CVE-2020-2026
|
2024-11-21 14:24 |
2020-06-11 |
|
199582
|
6.3 |
MEDIUM
Local
|
katacontainers
|
runtime
|
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-age…
|
NVD-CWE-noinfo
|
CVE-2020-2023
|
2024-11-21 14:24 |
2020-06-11 |
|
199583
|
8.8 |
HIGH
Network
|
jenkins
|
play_framework
|
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerabil…
|
CWE-78
OS Command
|
CVE-2020-2200
|
2024-11-21 14:24 |
2020-06-3 |
|
199584
|
6.1 |
MEDIUM
Network
|
jenkins
|
subversion_partial_release_manager
|
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2199
|
2024-11-21 14:24 |
2020-06-3 |
|
199585
|
6.5 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2198
|
2024-11-21 14:24 |
2020-06-3 |
|
199586
|
4.3 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2197
|
2024-11-21 14:24 |
2020-06-3 |
|
199587
|
8.0 |
HIGH
Network
|
jenkins
|
selenium
|
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
|
CWE-352
Origin Validation Error
|
CVE-2020-2196
|
2024-11-21 14:24 |
2020-06-3 |
|
199588
|
5.4 |
MEDIUM
Network
|
jenkins
|
compact_columns
|
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2195
|
2024-11-21 14:24 |
2020-06-3 |
|
199589
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2194
|
2024-11-21 14:24 |
2020-06-3 |
|
199590
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2193
|
2024-11-21 14:24 |
2020-06-3 |