Filtered by vendor Jenkins
Total: 1647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2112 | 1 Jenkins | 1 Git Parameter | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | |||||
CVE-2019-1003021 | 1 Jenkins | 1 Openid Connect Authentication | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret. | |||||
CVE-2020-2287 | 1 Jenkins | 1 Audit Trail | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. | |||||
CVE-2019-16571 | 1 Jenkins | 1 Rapiddeploy | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | |||||
CVE-2019-1003041 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift Container Platform | 2023-10-25 | 7.5 HIGH | 9.8 CRITICAL |
A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | |||||
CVE-2019-10443 | 1 Jenkins | 1 Icescrum | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10467 | 1 Jenkins | 1 Sonar Gerrit | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2234 | 1 Jenkins | 1 Pipeline Maven Integration | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | |||||
CVE-2020-2225 | 1 Jenkins | 1 Matrix Project | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2019-10318 | 1 Jenkins | 1 Azure Ad | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret unencrypted in the global config.xml configuration file on the Jenkins master where it could be viewed by users with access to the master file system. | |||||
CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2023-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
CVE-2019-10393 | 1 Jenkins | 1 Script Security | 2023-10-25 | 4.9 MEDIUM | 4.2 MEDIUM |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of method names in method call expressions allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
CVE-2019-1003068 | 1 Jenkins | 1 Vmware Vrealize Automation | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10366 | 1 Jenkins | 1 Skytap Cloud Ci | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003072 | 1 Jenkins | 1 Wildfly Deployer | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10474 | 1 Jenkins | 1 Global Post Script | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Global Post Script Plugin allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system. | |||||
CVE-2021-21631 | 1 Jenkins | 1 Cloud Statistics | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. | |||||
CVE-2019-10370 | 1 Jenkins | 1 Mask Passwords | 2023-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure. | |||||
CVE-2020-2184 | 1 Jenkins | 1 Current Versions Systems | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | |||||
CVE-2019-10449 | 1 Jenkins | 1 Fortify On Demand | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |