|
200741
|
8.1 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distr…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-2002
|
2024-11-21 14:24 |
2020-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200742
|
8.8 |
HIGH
Network
|
jenkins
|
source_code_management_filter_jervis
|
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2189
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200743
|
4.3 |
MEDIUM
Network
|
jenkins
|
amazon_ec2
|
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2188
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200744
|
5.6 |
MEDIUM
Network
|
jenkins
|
amazon_ec2
|
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2020-2187
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200745
|
4.3 |
MEDIUM
Network
|
jenkins
|
amazon_ec2
|
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
|
CWE-352
Origin Validation Error
|
CVE-2020-2186
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200746
|
5.6 |
MEDIUM
Network
|
jenkins
|
amazon_ec2
|
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
|
NVD-CWE-Other
|
CVE-2020-2185
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200747
|
4.3 |
MEDIUM
Network
|
jenkins
|
current_versions_systems
|
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
|
CWE-352
Origin Validation Error
|
CVE-2020-2184
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200748
|
6.5 |
MEDIUM
Network
|
jenkins
|
copy_artifact
|
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2183
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200749
|
4.3 |
MEDIUM
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2182
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200750
|
6.5 |
MEDIUM
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2181
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
