| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 208221 | 8.8 | HIGH | Network | jenkins | radargun | Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | CWE-502 Deserialization of Untrusted Data | CVE-2020-2123 | 2024-11-21 14:24 | 2020-02-13 |
| 208222 | 5.4 | MEDIUM | Network | jenkins | brakeman | Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able … | CWE-79 Cross-site Scripting | CVE-2020-2122 | 2024-11-21 14:24 | 2020-02-13 |
| 208223 | 8.8 | HIGH | Network | jenkins | google_kubernetes_engine | Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | NVD-CWE-noinfo | CVE-2020-2121 | 2024-11-21 14:24 | 2020-02-13 |
| 208224 | 8.8 | HIGH | Network | jenkins | fitnesse | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | CWE-611 XXE | CVE-2020-2120 | 2024-11-21 14:24 | 2020-02-13 |
| 208225 | 5.3 | MEDIUM | Network | jenkins | azure_ad | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | CWE-522 Insufficiently Protected Credentials | CVE-2020-2119 | 2024-11-21 14:24 | 2020-02-13 |
| 208226 | 4.3 | MEDIUM | Network | jenkins | pipeline_github_notify_step | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials st… | CWE-276 Incorrect Default Permissions | CVE-2020-2118 | 2024-11-21 14:24 | 2020-02-13 |
| 208227 | 4.3 | MEDIUM | Network | jenkins | pipeline_github_notify_step | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specifi… | CWE-276 Incorrect Default Permissions | CVE-2020-2117 | 2024-11-21 14:24 | 2020-02-13 |
| 208228 | 8.8 | HIGH | Network | jenkins | pipeline_github_notify_step | A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credential… | CWE-352 Origin Validation Error | CVE-2020-2116 | 2024-11-21 14:24 | 2020-02-13 |
| 208229 | 8.8 | HIGH | Network | jenkins | nunit | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | CWE-611 XXE | CVE-2020-2115 | 2024-11-21 14:24 | 2020-02-13 |
| 208230 | 7.5 | HIGH | Network | jenkins | s3_publisher | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | CWE-522 Insufficiently Protected Credentials | CVE-2020-2114 | 2024-11-21 14:24 | 2020-02-13 |