|
201121
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2290
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201122
|
5.4 |
MEDIUM
Network
|
jenkins
|
active_choices
|
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wit…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2289
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201123
|
5.3 |
MEDIUM
Network
|
jenkins
|
audit_trail
|
In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
|
-
|
CVE-2020-2288
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201124
|
5.3 |
MEDIUM
Network
|
jenkins
|
audit_trail
|
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attac…
|
-
|
CVE-2020-2287
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201125
|
8.8 |
HIGH
Network
|
jenkins
|
role-based_authorization_strategy
|
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an …
|
-
|
CVE-2020-2286
|
2024-11-21 14:25 |
2020-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201126
|
4.3 |
MEDIUM
Network
|
jenkins
|
liquibase_runner
|
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
CWE-862
Missing Authorization
|
CVE-2020-2285
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201127
|
7.1 |
HIGH
Network
|
jenkins
|
liquibase_runner
|
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2020-2284
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201128
|
5.4 |
MEDIUM
Network
|
jenkins
|
liquibase_runner
|
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset fil…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2283
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201129
|
4.3 |
MEDIUM
Network
|
jenkins
|
implied_labels
|
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.
|
CWE-862
Missing Authorization
|
CVE-2020-2282
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201130
|
5.4 |
MEDIUM
Network
|
jenkins
|
lockable_resources
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
|
CWE-352
Origin Validation Error
|
CVE-2020-2281
|
2024-11-21 14:25 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
