Filtered by vendor Jenkins
Subscriptions
Total
1757 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2024-11-21 | 8.8 High |
| Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | ||||
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2024-11-21 | 8.8 High |
| Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2157 | 1 Jenkins | 1 Skytap Cloud Ci | 2024-11-21 | 4.3 Medium |
| Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
| CVE-2020-2156 | 1 Jenkins | 1 Deployhub | 2024-11-21 | 4.3 Medium |
| Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
| CVE-2020-2155 | 1 Jenkins | 1 Openshift Deployer | 2024-11-21 | 5.3 Medium |
| Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-11-21 | 5.5 Medium |
| Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. | ||||
| CVE-2020-2153 | 1 Jenkins | 1 Backlog | 2024-11-21 | 4.3 Medium |
| Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. | ||||
| CVE-2020-2152 | 1 Jenkins | 1 Subversion Release Manager | 2024-11-21 | 6.1 Medium |
| Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | ||||
| CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2024-11-21 | 5.3 Medium |
| Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2150 | 1 Jenkins | 1 Sonar Quality Gates | 2024-11-21 | 5.3 Medium |
| Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2149 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 5.3 Medium |
| Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2148 | 1 Jenkins | 1 Mac | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | ||||
| CVE-2020-2147 | 1 Jenkins | 1 Mac | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. | ||||
| CVE-2020-2146 | 1 Jenkins | 1 Mac | 2024-11-21 | 7.4 High |
| Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | ||||
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2024-11-21 | 5.5 Medium |
| Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | ||||
| CVE-2020-2144 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 7.1 High |
| Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2024-11-21 | 5.3 Medium |
| Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | ||||
| CVE-2020-2142 | 1 Jenkins | 1 P4 | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. | ||||
| CVE-2020-2141 | 1 Jenkins | 1 P4 | 2024-11-21 | 4.3 Medium |
| A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. | ||||
| CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2024-11-21 | 6.1 Medium |
| Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | ||||