Filtered by vendor Jenkins
Total: 1647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10310 | 1 Jenkins | 1 Ansible Tower | 2023-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2020-2308 | 1 Jenkins | 1 Kubernetes | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | |||||
| CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2023-10-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-10333 | 1 Jenkins | 1 Electricflow | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances. | |||||
| CVE-2019-10454 | 1 Jenkins | 1 Rundeck | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2020-2152 | 1 Jenkins | 1 Subversion Release Manager | 2023-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
| CVE-2019-1003014 | 2 Jenkins, Redhat | 2 Config File Provider, Openshift Container Platform | 2023-10-25 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. | |||||
| CVE-2020-2213 | 1 Jenkins | 1 White Source | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system. | |||||
| CVE-2019-10392 | 1 Jenkins | 1 Git Client | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | |||||
| CVE-2020-2197 | 1 Jenkins | 1 Project Inheritance | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | |||||
| CVE-2019-10420 | 1 Jenkins | 1 Assembla | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
| Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2021-21651 | 1 Jenkins | 1 S3 Publisher | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. | |||||
| CVE-2021-21646 | 1 Jenkins | 1 Templating Engine | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | |||||
| CVE-2019-10353 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 5.1 MEDIUM | 7.5 HIGH |
| CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection. | |||||
| CVE-2020-2215 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password. | |||||
| CVE-2019-10299 | 1 Jenkins | 1 Cloudcoreo Deploytime | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-10326 | 1 Jenkins | 1 Warnings Next Generation | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attackers to reset warning counts for future builds. | |||||
| CVE-2020-2102 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 3.5 LOW | 5.3 MEDIUM |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | |||||
| CVE-2020-2199 | 1 Jenkins | 1 Subversion Partial Release Manager | 2023-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. | |||||
| CVE-2020-2278 | 1 Jenkins | 1 Storable Configs | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | |||||
