|
208231
|
5.4 |
MEDIUM
Network
|
jenkins
|
git_parameter
|
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure per…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2113
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208232
|
5.4 |
MEDIUM
Network
|
jenkins
|
git_parameter
|
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure pe…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2112
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208233
|
5.4 |
MEDIUM
Network
|
jenkins
|
subversion
|
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2111
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208234
|
8.8 |
HIGH
Network
|
jenkins
|
script_security
|
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them in…
|
CWE-20
Improper Input Validation
|
CVE-2020-2110
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208235
|
8.8 |
HIGH
Network
|
jenkins
|
pipeline\
|
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.
|
CWE-20
Improper Input Validation
|
CVE-2020-2109
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208236
|
7.6 |
HIGH
Network
|
jenkins
|
websphere_deployer
|
Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions.
|
CWE-611
XXE
|
CVE-2020-2108
|
2024-11-21 14:24 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208237
|
4.3 |
MEDIUM
Network
|
jenkins
|
fortify
|
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2107
|
2024-11-21 14:24 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208238
|
5.4 |
MEDIUM
Network
|
jenkins
|
code_coverage_api
|
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change jo…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2106
|
2024-11-21 14:24 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208239
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-2105
|
2024-11-21 14:24 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208240
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2104
|
2024-11-21 14:24 |
2020-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
