|
208261
|
4.3 |
MEDIUM
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2182
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208262
|
6.5 |
MEDIUM
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2181
|
2024-11-21 14:24 |
2020-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208263
|
8.8 |
HIGH
Network
|
jenkins
|
amazon_web_services_serverless_application_model
|
Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2180
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208264
|
8.8 |
HIGH
Network
|
jenkins
|
yaml_axis
|
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2179
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208265
|
7.1 |
HIGH
Network
|
jenkins
|
parasoft_findings
|
Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2020-2178
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208266
|
4.3 |
MEDIUM
Network
|
jenkins
|
copr
|
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the mast…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-2177
|
2024-11-21 14:24 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208267
|
5.4 |
MEDIUM
Network
|
jenkins
|
usemango_runner
|
Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability e…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2176
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208268
|
5.4 |
MEDIUM
Network
|
jenkins
|
fitnesse
|
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2175
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208269
|
6.1 |
MEDIUM
Network
|
jenkins
|
awseb_deployment
|
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2174
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208270
|
5.4 |
MEDIUM
Network
|
jenkins
|
gatling
|
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able …
|
CWE-79
Cross-site Scripting
|
CVE-2020-2173
|
2024-11-21 14:24 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
