|
200711
|
8.8 |
HIGH
Network
|
jenkins
|
play_framework
|
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerabil…
|
CWE-78
OS Command
|
CVE-2020-2200
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200712
|
6.1 |
MEDIUM
Network
|
jenkins
|
subversion_partial_release_manager
|
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2199
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200713
|
6.5 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2198
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200714
|
4.3 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2197
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200715
|
8.0 |
HIGH
Network
|
jenkins
|
selenium
|
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
|
CWE-352
Origin Validation Error
|
CVE-2020-2196
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200716
|
5.4 |
MEDIUM
Network
|
jenkins
|
compact_columns
|
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2195
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200717
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2194
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200718
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2193
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200719
|
6.5 |
MEDIUM
Network
|
jenkins
|
self-organizing_swarm_modules
|
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
|
CWE-352
Origin Validation Error
|
CVE-2020-2192
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200720
|
4.3 |
MEDIUM
Network
|
jenkins
|
self-organizing_swarm_modules
|
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2191
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
