|
209941
|
4.3 |
MEDIUM
Network
|
jenkins
|
p4
|
A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce.
|
CWE-352
Origin Validation Error
|
CVE-2020-2141
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209942
|
6.1 |
MEDIUM
Network
|
jenkins
|
audit_trail
|
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2140
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209943
|
6.5 |
MEDIUM
Network
|
jenkins
|
cobertura
|
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file …
|
CWE-22
Path Traversal
|
CVE-2020-2139
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209944
|
7.1 |
HIGH
Network
|
jenkins
|
cobertura
|
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
CWE-611
XXE
|
CVE-2020-2138
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209945
|
4.8 |
MEDIUM
Network
|
jenkins
|
timestamper
|
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2137
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209946
|
5.4 |
MEDIUM
Network
|
jenkins
|
git
|
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-2136
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209947
|
8.8 |
HIGH
Network
|
jenkins
|
script_security
|
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2135
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209948
|
8.8 |
HIGH
Network
|
jenkins
|
script_security
|
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies.
|
CWE-863
Incorrect Authorization
|
CVE-2020-2134
|
2024-11-21 14:24 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209949
|
6.5 |
MEDIUM
Network
|
jenkins
|
applatix
|
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the mas…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2133
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209950
|
6.5 |
MEDIUM
Network
|
jenkins
|
parasoft_environment_manager
|
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission,…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-2132
|
2024-11-21 14:24 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
