Filtered by vendor Jenkins
Total: 1647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-21639 | Jenkins | Jenkins | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.
CVE-2020-2237 | Jenkins | Flaky Test Handler | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
CVE-2020-2252 | Jenkins | Mailer | 2023-10-25 | 5.8 MEDIUM | 4.8 MEDIUM | Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVE-2019-1003094 | Jenkins | Open Stf | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10441 | Jenkins | Icescrum | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2020-2127 | Jenkins | Bmc Release Package And Deployment | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10375 | Jenkins | File System Scm | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM | An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
CVE-2019-1003067 | Jenkins | Trac Publisher | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH | Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVE-2019-10418 | Jenkins | Kubernetes Pipeline | 2023-10-25 | 6.5 MEDIUM | 9.9 CRITICAL | Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection.
CVE-2020-2249 | Jenkins | Team Foundation Server | 2023-10-25 | 2.1 LOW | 3.3 LOW | Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
CVE-2020-2288 | Jenkins | Audit Trail | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.
CVE-2019-1003074 | Jenkins | Hyper.sh Commons | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH | Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2020-2153 | Jenkins | Backlog | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
CVE-2019-16568 | Jenkins | Sctmexecutor | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.
CVE-2021-21636 | Jenkins | Team Foundation Server | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins.
CVE-2019-10457 | Jenkins | Oracle Cloud Infrastructure Compute Classic | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2019-16576 | Jenkins | Alauda Kubernetes Support | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM | A missing permission check in Jenkins Alauda Kubernetes Support Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins.
CVE-2020-2103 | Jenkins | Jenkins | 2023-10-25 | 4.0 MEDIUM | 5.4 MEDIUM | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
CVE-2019-10331 | Jenkins | Electricflow | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
CVE-2020-2191 | Jenkins | Self-organizing Swarm Modules | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
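Three weakness classes recur in the plugin rows above: credentials stored unencrypted in a global configuration file (and echoed back in plain text by configuration forms), credential IDs enumerable by users with only Overall/Read, and a `doTestConnection`-style form-validation endpoint reachable by GET without a permission check, which lets a crafted link or a low-privileged user make the controller send stored credentials to an attacker-specified URL. Each maps to a small Jenkins API idiom. The global configuration descriptor below is an added example written for this page, not code from Jenkins core or from any plugin listed here; the package, class and field names, the "ExampleService" target, and the HEAD-request connection test are assumptions made for illustration.

```java
// Hypothetical plugin descriptor written for this page; names are illustrative.
package io.example.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.Extension;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
public class ExampleServiceGlobalConfiguration extends GlobalConfiguration {

    private String serverUrl;

    // Weak: a plain String is serialized verbatim into
    // $JENKINS_HOME/io.example.jenkins.ExampleServiceGlobalConfiguration.xml,
    // readable by anyone with controller file system access.
    //   private String apiToken;
    // Fixed: Secret is stored encrypted with the instance key, and binding it through
    // <f:password field="apiToken"/> in config.jelly keeps the plain value out of the
    // rendered configuration form.
    private Secret apiToken;

    private String credentialsId;

    public ExampleServiceGlobalConfiguration() {
        load();
    }

    public String getServerUrl() { return serverUrl; }
    public Secret getApiToken() { return apiToken; }
    public String getCredentialsId() { return credentialsId; }

    @DataBoundSetter
    public void setServerUrl(String serverUrl) { this.serverUrl = serverUrl; save(); }

    @DataBoundSetter
    public void setApiToken(Secret apiToken) { this.apiToken = apiToken; save(); }

    @DataBoundSetter
    public void setCredentialsId(String credentialsId) { this.credentialsId = credentialsId; save(); }

    // Populates the credentials drop-down. Without the hasPermission guard every
    // Overall/Read user could enumerate the IDs of all stored credentials.
    public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {
        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
            // Keep the currently selected value so the form still round-trips, reveal nothing else.
            return new StandardListBoxModel().includeCurrentValue(credentialsId);
        }
        return new StandardListBoxModel()
                .includeEmptyValue()
                .includeAs(ACL.SYSTEM, Jenkins.get(), StandardUsernamePasswordCredentials.class)
                .includeCurrentValue(credentialsId);
    }

    // @RequirePOST rejects GET, so a cross-site link cannot trigger the request and the
    // CSRF crumb is enforced on the POST; checkPermission throws for non-admins, so a
    // low-privileged user cannot point the controller at a URL of their choosing.
    @RequirePOST
    public FormValidation doTestConnection(@QueryParameter String serverUrl,
                                           @QueryParameter String credentialsId) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);

        StandardUsernamePasswordCredentials creds = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(
                        StandardUsernamePasswordCredentials.class,
                        Jenkins.get(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(credentialsId));
        if (creds == null) {
            return FormValidation.error("No username/password credential with ID " + credentialsId);
        }
        try {
            URL url = new URL(serverUrl);
            if (!"https".equals(url.getProtocol())) {
                return FormValidation.error("Only https:// server URLs are accepted");
            }
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestMethod("HEAD");
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            String basic = creds.getUsername() + ":" + Secret.toString(creds.getPassword());
            conn.setRequestProperty("Authorization", "Basic "
                    + Base64.getEncoder().encodeToString(basic.getBytes(StandardCharsets.UTF_8)));
            int status = conn.getResponseCode();
            return status < 400 ? FormValidation.ok("Connected (HTTP " + status + ")")
                                : FormValidation.error("Server answered HTTP " + status);
        } catch (Exception e) {
            // Report the failure without echoing the credential back to the browser.
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }
}
```

The same two lines, `@RequirePOST` and `Jenkins.get().checkPermission(...)`, are the usual fix for the CSRF and missing-permission-check rows in the table; for a job-level descriptor the permission checked would be `Item.CONFIGURE` on the enclosing item rather than `Jenkins.ADMINISTER`. Storing the token as `Secret` rather than `String` is the fix for the "stores credentials unencrypted" rows, and pairing it with `<f:password>` is the fix for the "transmits configured credentials in plain text" rows.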