|
201031
|
4.3 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2197
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201032
|
8.0 |
HIGH
Network
|
jenkins
|
selenium
|
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
|
CWE-352
Origin Validation Error
|
CVE-2020-2196
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201033
|
5.4 |
MEDIUM
Network
|
jenkins
|
compact_columns
|
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2195
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201034
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2194
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201035
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2193
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201036
|
6.5 |
MEDIUM
Network
|
jenkins
|
self-organizing_swarm_modules
|
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
|
CWE-352
Origin Validation Error
|
CVE-2020-2192
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201037
|
4.3 |
MEDIUM
Network
|
jenkins
|
self-organizing_swarm_modules
|
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2191
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201038
|
5.4 |
MEDIUM
Network
|
jenkins
|
script_security
|
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2190
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201039
|
8.8 |
HIGH
Local
|
katacontainers
|
runtime
|
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all sub…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2020-2025
|
2024-11-21 14:24 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201040
|
6.5 |
MEDIUM
Local
|
katacontainers
|
runtime
|
An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on th…
|
CWE-59
Link Following
|
CVE-2020-2024
|
2024-11-21 14:24 |
2020-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
