|
201461
|
8.8 |
HIGH
Network
|
jenkins
|
mongodb
|
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
|
CWE-352
Origin Validation Error
|
CVE-2020-2268
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201462
|
4.3 |
MEDIUM
Network
|
jenkins
|
mongodb
|
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
|
CWE-862
Missing Authorization
|
CVE-2020-2267
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201463
|
5.4 |
MEDIUM
Network
|
jenkins
|
description_column
|
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers wi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2266
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201464
|
5.4 |
MEDIUM
Network
|
jenkins
|
coverage\/complexity_scatter_plot
|
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by att…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2265
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201465
|
5.4 |
MEDIUM
Network
|
jenkins
|
custom_job_icon
|
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Confi…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2264
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201466
|
5.4 |
MEDIUM
Network
|
jenkins
|
radiator_view
|
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/C…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2263
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201467
|
5.4 |
MEDIUM
Network
|
jenkins
|
android_lint
|
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2262
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201468
|
8.8 |
HIGH
Network
|
jenkins
|
perfecto
|
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
|
CWE-78
OS Command
|
CVE-2020-2261
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201469
|
4.3 |
MEDIUM
Network
|
jenkins
|
perfecto
|
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
|
CWE-862
Missing Authorization
|
CVE-2020-2260
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201470
|
5.4 |
MEDIUM
Network
|
jenkins
|
computer_queue
|
Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Con…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2259
|
2024-11-21 14:25 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
