|
201071
|
8.8 |
HIGH
Network
|
jenkins
|
database
|
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.
|
CWE-352
Origin Validation Error
|
CVE-2020-2240
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201072
|
4.3 |
MEDIUM
Network
|
jenkins
|
parameterized_remote_trigger
|
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2020-2239
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201073
|
5.4 |
MEDIUM
Network
|
jenkins
|
git_parameter
|
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2238
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201074
|
4.3 |
MEDIUM
Network
|
jenkins
|
flaky_test_handler
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
|
CWE-352
Origin Validation Error
|
CVE-2020-2237
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201075
|
5.4 |
MEDIUM
Network
|
jenkins
|
yet_another_build_visualizer
|
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2236
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201076
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified…
|
CWE-352
Origin Validation Error
|
CVE-2020-2235
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201077
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified c…
|
CWE-862
Missing Authorization
|
CVE-2020-2234
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201078
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2233
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201079
|
7.5 |
HIGH
Network
|
jenkins
|
email_extension
|
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2232
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201080
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2231
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
