|
209411
|
6.3 |
MEDIUM
Local
|
katacontainers
|
runtime
|
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-age…
|
NVD-CWE-noinfo
|
CVE-2020-2023
|
2024-11-21 14:24 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209412
|
8.8 |
HIGH
Network
|
jenkins
|
play_framework
|
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerabil…
|
CWE-78
OS Command
|
CVE-2020-2200
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209413
|
6.1 |
MEDIUM
Network
|
jenkins
|
subversion_partial_release_manager
|
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2199
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209414
|
6.5 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2198
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209415
|
4.3 |
MEDIUM
Network
|
jenkins
|
project_inheritance
|
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-2197
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209416
|
8.0 |
HIGH
Network
|
jenkins
|
selenium
|
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
|
CWE-352
Origin Validation Error
|
CVE-2020-2196
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209417
|
5.4 |
MEDIUM
Network
|
jenkins
|
compact_columns
|
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/…
|
CWE-79
Cross-site Scripting
|
CVE-2020-2195
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209418
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2194
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209419
|
5.4 |
MEDIUM
Network
|
jenkins
|
echarts_api
|
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2193
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209420
|
6.5 |
MEDIUM
Network
|
jenkins
|
self-organizing_swarm_modules
|
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
|
CWE-352
Origin Validation Error
|
CVE-2020-2192
|
2024-11-21 14:24 |
2020-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
