|
201491
|
5.4 |
MEDIUM
Network
|
jenkins
|
git_parameter
|
Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2238
|
2024-11-21 14:25 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201492
|
4.3 |
MEDIUM
Network
|
jenkins
|
flaky_test_handler
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
|
CWE-352
Origin Validation Error
|
CVE-2020-2237
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201493
|
5.4 |
MEDIUM
Network
|
jenkins
|
yet_another_build_visualizer
|
Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2236
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201494
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified…
|
CWE-352
Origin Validation Error
|
CVE-2020-2235
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201495
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified c…
|
CWE-862
Missing Authorization
|
CVE-2020-2234
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201496
|
6.5 |
MEDIUM
Network
|
jenkins
|
pipeline_maven_integration
|
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2233
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201497
|
7.5 |
HIGH
Network
|
jenkins
|
email_extension
|
Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-2232
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201498
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2231
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201499
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Ov…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2230
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201500
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2229
|
2024-11-21 14:25 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
